Lower user privileges
Working with the rights of an Administrator is not advisable because admins are highest in a user hierarchy and therefore are allowed to exercise full control of a system. If the user is logged on with admin’s privileges, he/she can start any program, install any driver, register arbitrary service and do just about every other type of activity that could be dangerous to a PC. If malware is unknowingly started with the admin rights, it can do whatever it wants.
On the other hand, if a user is logged on as Restricted User, for instance, he is not allowed to make critical modifications to the system and run vulnerable services. This limits the impact of possible malware if it’s started from the limited account.
Users can designate/change account properties from the Control Panel’s User Accounts menu by clicking “Change my account type”.
![[del.icio.us]](http://images.del.icio.us/static/img/delicious.small.gif){kind=small}
Posted in Security Tip of the Week
June 17th, 2008 at 7:49 am
Well, it would be nice, but some applications (such as Agnitum Outpost) will not run unless the user has Administrator privelege.
June 17th, 2008 at 1:21 pm
Drop My rights
This is a file that Microssoft had created to Drop rigths os administrater users to work without administrater rights (Normal user).
Can you tell me how it works. I’ve read some but it is a litle confused..~
Thks
June 18th, 2008 at 8:31 am
To Carlos Ventura: I’ve not yet seen Drop My Rights, but my understanding is that the program is similar to UAC in Vista – it lowers privileges of the currently logged user and elevates them only in case that warrants it – driver or software installation, for instance. It may also display user prompt seeking permission, I guess. As soon as I have time, I’ll get back to you on this through this blog.
Igor Pankov,
Agnitum
June 18th, 2008 at 8:36 am
To C Wacalwik: Outpost is designed to work under non-administrator user environment.
Igor Pankov,
Agnitum
July 16th, 2008 at 11:50 am
Thank you Igor. We’re using very old free Outpost (2002); I’m sure it fails to filter packets unless administrator privileges (XP SP2 AMD Athlon-64 dual-boot with Win98 on C:). Otherwise it is a beautiful firewall.