One of the most important changes in the upcoming Windows Vista release is the way it will handle user rights. It will allow you to log in as an administrator without having to run all your applications in that context. That's been a major security issue for far too long, and I'm glad to see that Microsoft has addressed it.
But Vista is still a long way off. Most of us are probably not going to end up using it until 2007 at the earliest. In the meantime, we're stuck with the possibility of catching something nasty from the Web when we run IE as an administrator.
For now, you may want to take advantage of a Group Policy technology called Software Restriction Policies (SAFER). Normally used to block users from running specific applications entirely, it can also be used to run applications in a reduced-privilege context. SAFER allows you to run an application in five modes:
- Unrestricted: Run normally
- Normal User: Run as a regular (non-admin) user
- Constrained: Run as a restricted (guest) user
- Untrusted: As with Constrained, but with additional restrictions including lack of access to cryptography
- Disallow: Do not run at all
Michael Howard, a member of Microsoft's Secure Windows Inititative team, has written a utility called
As an aside, one of the much-bandied-about solutions to IE's present state of insecurity is to replace it with another browser, such as Firefox. However, one problem with using Firefox as a catchall replacement for IE is that it is difficult to centrally administer from Group Policy (something many administrators have complained about).
This tip originally appeared on SearchWinSystems.com.
Serdar Yegulalp is editor of the Windows Power Users Newsletter. Check it out for the latest advice and musings on the world of Windows network administrators -- and please share your thoughts as well!
More information from SearchWinSystems.com
- Tip: Prevent Internet Explorer from remembering passwords
- Topic: Web browsing
- RSS: Sign up for our RSS feed to receive expert advice every day.
This was first published in March 2006