In the “last issue, I explained how to use XP without administrator rights to simulate the safety offered by Vista’s User Account Control.
Readers responded with their own tools and tricks to stop programs from gaining full (and therefore risky) access to your system.
Free software lets you limit user access
Some people find it onerous to run Windows as anything but an administrator. For those people, reader Scott Beatty has a suggestion:
- “My favorite way to avoid running selected programs, such as browsers and e-mail clients, with admin rights is to use the Sysinternals program PsExec. I add the following string to the front of the Target for the icon that launches the program that I want to limit.”
Get our unique weekly Newsletter with tips and techniques, how to's and critical updates on Windows 7, Windows 8, Windows XP, Firefox, Internet Explorer, Google, etc. Join our 480,000 subscribers!
Subscribe and get our monthly bonuses - free!
The Windows 7 Guide, Volume 3: Advanced maintenance and troubleshooting provides advanced tools for keeping Microsoft's premier operating system up and running smoothly. Get this excerpt and other 4 bonuses if you subscribe FREE now!
“c:windowssystem32psexec.exe” -l -d
Although it was intended for launching programs on remote computers, you can use the command-line switches Beatty recommends to run any app as a limited user. The -L switch limits the application’s privileges. The -D switch makes the command window disappear as soon as the program is launched.
For example, to implement Beatty’s tip for Internet Explorer, follow these steps:
Step 1. Right-click the icon you use to launch IE (for example, in your Taskbar’s Quick Launch area) and choose Properties.
Step 2. In the default Shortcut tab, click at the beginning of the Target box and insert the command line Beatty shows above, followed by a space. (Your path may differ, depending on where you install PsExec.) When you’re done, the text in the Target box should read something like:
“c:windowssystem32psexec.exe” -l -d “c:Program FilesInternet Exploreriexplore.exe”
Again, your path may differ if you installed Windows somewhere other than c:windows.
Step 3. To make sure you still see the Internet Explorer icon for this shortcut, click the Change Icon button in the dialog box, enter:
“c:Program FilesInternet Exploreriexplore.exe”
in the box at the top, select the icon from the list that’s shown, and click OK.
Step 4. When you’re all done, click OK again to close the program’s Properties dialog.
The next time you launch IE from this shortcut, it will run as if you logged in as a limited user.
Another way to make IE 7 safer
The Aug. 2 story on simulating User Account Control in XP noted that Vista runs Internet Explorer 7 in the safer “protected mode,” which XP does not. Reader Robert Primak, however, points out that there are steps IE 7 users can take to make surfing a little safer:
- “Scott Dunn could also reference Brian Livingston’s 2006 article, IE 7 Needs Tweaking for Safety. That story provided additional information on security settings.”
Lowering your risks in XP Home and W2K
The Aug. 2 story also mentioned using lurmgr.msc to create a new user account. But a reader who signs his mail Winston reminds us:
- “Lusrmgr.msc activates the Local Users and Groups and is only applicable in XP Pro. In XP Home, a new account is created via the User Accounts tool in the Control Panel. The Power User option is also only available in XP Pro.”
Readers Beatty, Primak, and Winston will receive gift certificates for a book, CD, or DVD of their choice for sending tips we printed. Send us your tips via the Windows Secrets contact page.