Thanks Rhelic for this submission. Summary: This allows you to be administrator but run any program (ex: IE) in non Admin mode, protecting you from spyware & viruses properly. Keep in mind we're using ONLY tools created by Microsoft, no 3rd party here. This only works for XP or newer.
Summary: This allows you to be administrator but run any program (ex: IE) in non Admin mode, protecting you from spyware & viruses properly. Keep in mind we're using ONLY tools created by Microsoft, no 3rd party here. On a personal note, if you have elevated access on the domain or any server, I would highly recommend you follow these steps. This only works for Win2000 or newer.
Step 1. Install the MS Tool "Drop My Rights" from:
Step 2. Choose to install it to your WinDir folder (often C:\Windows\ ), do not create a special folder for it!
Step 3. When you want to run a program you can't trust (ex: IE) simply set your icon's Target (found in the icon properties) to something like this
%windir%\DropMyRights.exe "C:\Program Files\Internet Explorer\iexplore.exe" n
The "n" is the privilege mode, you can choose from:
* "n" is normal non-admin user mode (best choice)
You still are yourself minus the admin privileges. Keep in mind that "n" mode still gives IE (spyware, virus) power over your personal files (read, delete), but prevents the spyware/virus from installing or infecting anything. You should always surf this way 24/7
* "c" is for paranoid mode
Most things work, there is no read/write access to your files (this includes favorites) so you are protected from most anything.
* "u" is for super paranoid mode but most things won't work correctly.
if you want to access a truly dangerous site then you want this setting
Step 4. (Optional) If you want to add a (MS created) toolbar to IE that shows your current privileges check
- If you want to install an app you get from the web, save it to your PC first, you won't be able to install it from within IE in protected mode (this is a good thing)
- If you want to install a new ActiveX component, you'll have to run IE in traditional unsecure mode.
- Any application that the 1st application launches will use the same restrictive rights (ex: while in IE you click a PDF or Media Player, they will run in the same restricted mode).
- Windows Vista 2006 will have official support for this natively and will run IE in reduced mode by default
Source:→ MSFNMicrosoft, IE, Internet Explorer, How To, Fix, Security