Step-by-step guide: Elevating privileges for an administrator

Administrators, of course, have a legitimate need to run as admin, but they don't need to do everything as admin all the time. Unfortunately, Windows only accommodates one security level at a time. Running as admin all the time opens up some unnecessary security risks.

Not that using limited user accounts are a "silver bullet" for all security concerns. Limited user accounts, or LUAs, will help mitigate the risk of malware that depends on admin privileges. LUAs will not prevent any of the following dangers:

• Anything you can do to yourself
• Weak admin passwords
• Attacks on services
• Phishing
• Stupidity

That said, administrators need to know how to elevate privileges as needed. Fast User switching is the best way (see Serdar Yegulalp's article on Fast User Switching), but it is not available in a corporate domain environment.

That leaves us a few other options.

Elevating privileges for administrators

 Home: Introduction
 Step 1: RunAs dialog
 Step 2: RunAs command line
 Step 3: Differentiating security levels
 Step 4: MakeMeAdmin
 Step 5: Caveats
 Step 6: Resources

ABOUT THE AUTHOR:

Aaron Margosis is a Senior Consultant with Microsoft Consulting Services, focusing on US Federal government customers. He specializes in application development on Microsoft platforms and products with an emphasis on application and platform security. Aaron has blogged extensively about how to run Windows as a non-admin, and created the popular MakeMeAdmin and PrivBar utilities. Aaron holds Bachelors and Masters Degrees from the University of Virginia, and calls Arlington, VA, home. Copyright 2005 TechTarget

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Protocols and Services Vista SP1 vs. XP SP3 -- upgrade or business as usual? How to solve Windows security log mysteries How to generate actions from events in Microsoft Vista Blocking peer-to-peer applications Step 1: Blocking peer-to-peer applications Multiple Connections - Management Checklist: Protecting users from themselves WinDump: The tcpdump tool for Windows Client hardening Employee gadgets pose security risk to companies Microsoft Windows XP Security Kerberos authentication for network login on non-Windows networks Copying files across drives I reinstalled my OS and lost all my files! Yes or no on Microsoft Firewall and other Windows hardening advice Can I avoid re-installing Windows XP? Windows XP SP2 installation fouling up system startup? Process Explorer 10.2: Client security aid BIOS password hacking Russinovich: Rootkits are more serious than ever VPN connection issues post Windows XP SP2 upgrade Authentication Correct improperly assigned user rights in Windows XP How do I track file access in Windows folders? Password security in Windows XP Professional Cool things about security, nothing about Britney Spears Sharing files and folders in Windows XP Reduce resistance to creating strong computer passwords Crack the admin password in Windows XP Looking ahead to life without passwords Learning center: Remote access authentication Troubleshooting your Windows-based VPN Authentication Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary patch  (SearchWindowsSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary