Tool helps administrators run applications with limited user privileges

A tool called RunAsLimitedUser allows administrators to run any application in a limited-user context.

This tip originally appeared on SearchWinSystems.com, a sister site of SearchSMB.com.

With all the furor about security in Windows, there's lots of talk about how running programs with elevated user privileges often contributes to security problems. This is as much the fault of the operating system as it is the software: There are some programs that are so badly written that they can't run as anything but Administrator. That's inconvenient for users, as well as a major problem for real administrators who don't want to have things run in elevated privileges at all.

One tool I've found that helps work out these issues is a freeware application called RunAsLimitedUser. It does exactly what its name suggests: It runs any application in a limited-user context with no fanfare or complex setup. When installed, it creates an account named LimitedUser with limited privileges and sets a password on it randomly. (The password is stored in the Registry, but encrypted with a one-way hash to prevent casual hackery.)

Right-click on an application and you'll get the option to Run as Limited User, which launches the application in the LimitedUser context. If you want to find out if a given application (custom or third-party) works properly as a limited user, this is an easy way to do it.

There are two reasons why RunAsLimitedUser stands out from the other solutions in this space.

  • It uses an actual limited-user account. In other words, it doesn't work by deprecating rights on the account you're using, so it's a more realistic way to assess limited-user behavior.
  • It is very easily deployed. Once installed, all you have to do is right-click on an application and run it from there, so it's perfect when you want to test something on the spur of the moment. ("Oh, will this work as a limited user?")

Note: This tool has only been tested to work in Windows XP. (SP2 isn't required but is probably a good idea.) But in theory, it should also work in Windows 2000.

About the author: Serdar Yegulalp is editor of the Windows Power Users Newsletter. Check it out for the latest advice and musings on the world of Windows network administrators.

More information from SearchWinSystems.com



This was first published in April 2006

Dig deeper on Data centers and virtualization for Small Business

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCompliance

SearchHealthIT

SearchCloudComputing

SearchMobileComputing

SearchDataCenter

Close