I find it very valuable when I am running apps with multiple security contexts on one desktop to be able to easily tell them apart. I don't want to accidentally use something running in the command shell running as admin if I didn't specifically want to run it as admin.
cmd.exe /t:fc /k cd c: && title ***** Admin console *****
In this example, this shows you how you to use command line options to visually differentiate a command shell. The /t will change the color, /k says run these commands then don't close when you are done running them.
I like to change the title and the color and also change out of System32, I prefer to run out of a different location, for instance the home directory in the C:. The C: is a little less dangerous, it seems to me than System32.
For Explorer and Internet Explorer you can specify a background bitmap that appears over the toolbars menu.
The easiest way to do that is to download and run TweakUI (see resources) and go to IE options and choose a bitmap. Above is the Explorer running as Admin bitmap that I like to use. That way, whenever you are running Explorer or IE with the admin account, this background bitmap appears and you can easily tell it is running as Admin.
Elevating privileges for administrators
Step 1: RunAs dialog
Step 2: RunAs command line
Step 3: Differentiating security levels
Step 4: MakeMeAdmin
Step 5: Caveats
Step 6: Resources
|ABOUT THE AUTHOR:|
| Aaron Margosis is a Senior
Consultant with Microsoft Consulting Services, focusing on US Federal government customers. He
specializes in application development on Microsoft platforms and products with an emphasis on
application and platform security. Aaron has blogged extensively about how to run Windows as a
non-admin, and created the popular MakeMeAdmin and PrivBar utilities. Aaron holds Bachelors and
Masters Degrees from the University of Virginia, and calls Arlington, VA, home.
Copyright 2005 TechTarget
This was first published in April 2006