
So, How Do I Drop Those Administrative Rights, Anyway?

Note: While some of the content in this post is dated and no longer applicable, the principles and techniques remain valid as of late 2014.

If you’ve read my previous post on why administrative rights over your computer are a bad thing and you are motivated to do something about it, you might ask “just how do I go about dropping these rights to make my system more stable and less prone to malware?”

There are several options.

  1. Use Windows Vista or later. (Gah! I can’t believe I just suggested that. If you know me, you know I really don’t like Vista. Hopefully Windows 7, which looks promising, will be better.) This is because Vista makes you not an administrator by default, which is the opposite of the way XP and previous Windows versions did things.
  2. Make a standard, non-privileged account and use it every day. Make a separate, administrator account, and use it only when absolutely necessary to install software. As an example, you would do your normal web surfing, email-checking, and word processing stuff as a normal user. But when it came time to install the latest Firefox update, or software patch, you would log off, log on as the administrator account, install the patch, and log off, and log back on again as a regular user. At first, you may think this sounds like a lot of work, but if you consider that you almost always have to reboot after installing new software anyway, the additional time is negligible.
  3. Use DropMyRights from Microsoft. This is a little program that MS distributes for free, which allows you to run programs as a non-privileged account. While it does require a little fiddling to make a batch file or a shortcut, it would only take a few minutes for someone with some IT experience to configure.
  4. Use the RunAs command, which lets you issue a single command to be run as a different user. This is included in Windows XP and later versions, and as far as I can tell, makes DropMyRights irrelevant, as it can also be used by an admin user to lower the rights of a program, such as a web browser, to run as a non-privileged account.
  5. As a self-proclaimed IT contractor and consultant, of course I have to suggest that you have “your IT department” do anything that requires administrative rights. While I realize this may be out of the budget of some small businesses, in reality, you most likely don’t require software to be installed all that often, and can probably get by with this option. As always, if any of these measures sound appealing but you don’t know how to do it yourself, or are just unsure, check with your IT staff for help.
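
To see which of these situations a machine is actually in, the PowerShell sketch below (an added example, not part of the original post) reports whether the current session has full administrative rights, a UAC-filtered administrator token as in option 1, or a standard-user token as in option 2, and wraps the RunAs command from option 4 for a single privileged task. It assumes Windows Vista or later, where `whoami.exe` is built in; the account name `LocalAdmin` and the installer path are hypothetical placeholders.

```powershell
# Added example: classify the current logon, then use RunAs for one admin task.
# 'LocalAdmin' and the installer path are hypothetical placeholders.

function Get-SessionPrivilege {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator

    # True only when the Administrators group is enabled in this token.
    if ($principal.IsInRole($adminRole)) { return 'Administrator' }

    # Under UAC, an administrator's everyday token still lists the
    # Administrators SID (S-1-5-32-544), but only as a deny-only group.
    $sids = whoami /groups /fo csv /nh |
        ConvertFrom-Csv -Header Name, Type, Sid, Attributes |
        ForEach-Object { $_.Sid }
    if ($sids -contains 'S-1-5-32-544') { return 'AdministratorFiltered' }

    return 'StandardUser'
}

function Invoke-AsAdminAccount {
    param(
        [Parameter(Mandatory = $true)] [string] $Program,
        [string] $Account = "$env:COMPUTERNAME\LocalAdmin"   # hypothetical name
    )
    # runas prompts for that account's password; only $Program runs with
    # its rights, and the rest of the desktop session stays as it was.
    & runas.exe "/user:$Account" $Program
}

switch (Get-SessionPrivilege) {
    'Administrator'         { Write-Warning 'This session has full administrative rights.' }
    'AdministratorFiltered' { Write-Output 'Administrator account running with a UAC-filtered token.' }
    'StandardUser'          { Write-Output 'Standard user session.' }
}

# From a standard-user session, run one installer under the admin account:
# Invoke-AsAdminAccount -Program 'C:\Path\To\installer.exe'
```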
