Linked by Thom Holwerda on Wed 31st Mar 2010 14:41 UTC
Windows As geeks, we're well aware of the importance of running as a normal user instead of as root (UNIX/Linux/BSD) or administrator (Windows). However, while this should be common knowledge to anyone reading OSNews, it's often hard to illustrate just how important it is - until now, that is. A report by BeyondTrust looked at how many security bulletins issused by Microsoft are mitigated by simply... Not running as administrator.
Permalink for comment 417073
To read all comments associated with this story, please click here.
erexx
Member since:
2010-04-05

Use Runnas.exe
http://www.kixtart.org/forums/ubbthreads.php?ubb=showflat&Number=15...

Use this to run almost any app in a limited account.

Simply create a new "token user" account on the network dc.
Add it to the local admin group of the machine.
Generate all security tokens using this user account.
Run all apps needing admin rights using runnas.exe and its associated TOK file.

For additional security lock the user account down by putting in its own restricted user organizational unit (restricted by gpo)

If you need to hide the dos box that pops up use "console tool.exe" or "runh.exe" located here.
Both great for hiding startup scripts at user boot and completely hiding a dos box in general.
http://www.virtualizationadmin.com/terminal-services/download.htm

Reply Score: 1