Problem solve Get help with specific problems with your technologies, process and projects.

Step 3: Differentiating security levels

Administrators need admin privileges, but not all the time. Learn how to work securely by only elevating your privileges as necessary.

I find it very valuable when I am running apps with multiple security contexts on one desktop to be able to easily tell them apart. I don't want to accidentally use something running in the command shell running as admin if I didn't specifically want to run it as admin.

cmd.exe /t:fc /k cd c: && title ***** Admin console *****

In this example, this shows you how you to use command line options to visually differentiate a command shell. The /t will change the color, /k says run these commands then don't close when you are done running them.

I like to change the title and the color and also change out of System32, I prefer to run out of a different location, for instance the home directory in the C:. The C: is a little less dangerous, it seems to me than System32.

For Explorer and Internet Explorer you can specify a background bitmap that appears over the toolbars menu.

The easiest way to do that is to download and run TweakUI (see resources) and go to IE options and choose a bitmap. Above is the Explorer running as Admin bitmap that I like to use. That way, whenever you are running Explorer or IE with the admin account, this background bitmap appears and you can easily tell it is running as Admin.

Elevating privileges for administrators

 Home: Introduction
 Step 1: RunAs dialog
 Step 2: RunAs command line
 Step 3: Differentiating security levels
 Step 4: MakeMeAdmin
 Step 5: Caveats
 Step 6: Resources

Aaron Margosis is a Senior Consultant with Microsoft Consulting Services, focusing on US Federal government customers. He specializes in application development on Microsoft platforms and products with an emphasis on application and platform security. Aaron has blogged extensively about how to run Windows as a non-admin, and created the popular MakeMeAdmin and PrivBar utilities. Aaron holds Bachelors and Masters Degrees from the University of Virginia, and calls Arlington, VA, home.
Copyright 2005 TechTarget

Dig Deeper on Enterprise desktop management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.