Helping people with computers... one answer at a time.
DropMyRights is a small program that lets you securely run programs with more restrictions than they might get based on your login account.
I am using windows XP. I want to use my computer with administrator privileges. For browsing or using reading e-mails, I'd like to act temporarily as a guest with limited privileges. My aim is to increase safety. Is there a way to do it easily?
Running as a "Limited User" in Windows XP is the ideal scenario, where everything you do is subject to administrative restrictions. Unfortunately, for many people it's simply not practical to do so. Many applications require administrative access either to install, or occasionally even to run. It doesn't always make sense, but it's also something we seem to have little control over.
The result is that we regularly login to our Windows XP machine as Administrator, or as another account that has Administrator privileges. We can do anything.
The problem is simple: if we can do anything, so can any malware we might accidentally execute.
One solution is the approach that UAC in Windows Vista took: you might login as Administrator, but you're not really administrator. When something happens that requires administrative access, you're requested to confirm it.
Windows XP doesn't have this option. When you're Administrator, you're administrator.
One approach is to login as administrator, but run programs though which exploits are common - say your web browser or email program - with more restrictive rights.
That's exactly what DropMyRights does.
After downloading and installing DropMyRights, you then only need to modify the shortcut that starts your browser. For example, here's a default shortcut for starting Internet Explorer:
Here's a shortcut, modified to use DropMyRights:
The only difference is that "DropMyRights " has been inserted before the name of the executable ("C:\Program Files\Internet Explorer\iexplore.exe"). Now instead of IE running with administrative privileges, it runs as a normal, or limited user.
Why is this valuable? Because limited users don't have the permissions required to install things where malware likes to install things. If you happen to mistakenly venture to a site that attempts to install malware .. it can't.
You might consider running any program that could be a vector for accidentally installing malware through DropMyRights; your browser and your email program are two obvious choices.
If you actually do want to install something, say an update to Flash Player or some other activex control or program, you won't be able to. You'll need to save that original shortcut that started the program with administrative rights, and run that just long enough to take the update you need.
The shortcut icon might change. Just click the Change Icon... button, locate the original executable (iexplore.exe in our example above), and select an icon from there.
This may not work for all programs. As I said at the beginning of this article, some programs, for reasons that don't always make sense, simply require administrative privileges.
DropMyRights is actually an old program, dating back to 2004, written by a Microsoft engineer, and free on Microsoft's MSDN site. It's a very simple program, and its source code is even displayed there for those so inclined.
It's not a utility that can fix everything, by any means, but DropMyRights is a useful tool to have in your arsenal against malware.
I recommend it.
Comments on this entry are closed.
If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.
If you don't find your answer, head out to http://askleo.com/ask to ask your question.