Listen...You Smell Something?

Working without Admin rights

In my previous post I talked about how I started to work with a Limited User Account (LUA). I've found that as long as you have a couple of tools and a good idea of what is going on working without Administrative rights is not too bad. There are times that you need Administrative rights to get things done though. The most common for me is installing new software. The Program Files directory is a restricted area with read only rights for LUA users. To install software you have several choices:

1. Log out and then log on as Administrator and install the software
2. If you are not in a domain you can use Fast User Switching to leave your LUA acocunt logged in and still log in with an Administrative account to install the software
3. Temporarily make your account part of the Administrators group to install the software

The first 2 items are pretty self explanatory. The third item requires a little explaining. How do you temporarily add your account to the Administrators group? You can do it the hard way through the control panel or you can do it the easy way by downloading and running a script called MakeMeAdmin(complete description found on Aaron Margosis' Blog). When you run the script (after a little customization of user names of course) it will prompt you for the password for an Administrator account (or any account that has the right to add and remove users from the Administrators group) and then prompt for your LUA account password. If both of those are correct it will open a command prompt window (with a red background to warn that thsi command prompt has admin rights). Since processes gain the security rights of the process that launched them then anything you run from this command prompt has admin rights (Windows Explorer can be an exception. See this post for more information). Now you can install software without having to leave the confines of your LUA account. Pretty nifty (yes, I just said nifty).

There's one more tool that needs to be mentioned and that is PrivBar(Once again, complete information on Aaron Margosis' Blog). What PrivBar does is adds aother toolbar to Windows Explorer and Internet Explorer that shows what rights that instance has. If you don't install PrivBar and use MakeMeAdmin to launch a WIndows Explorer it is really easy to get the one with admin rights mixed up with ones that don't have admin rights. That is really the purpose of PrivBar: help you keep your windows straight.

The combination of MakeMeAdmin and PrivBar is a good start to being able to handle the tasks that require admin rights while still managing to spend the majority of your computer time without them. MakeMeAdmin is especially useful because you can combine it with a general knowledge of commands to do just about anything you can do from the Control Panel. The trick is knowing what to type at the command prompt to get the desired control panels applets (or whatever they are called) to come up. Here is a list of ones I find useful:

• Access.cpl - Accessibility
• appwiz.cpl - Add/Remove programs
• desk.cpl - display properties
• firewall.cpl - Windows firewall settings
• hdwwiz.cpl - Add hardware wizard
• inetcpl.cpl - Internet Explorer properties
• intl.cpl - Regional language settings
• joy.cpl - Game comtrollers
• main.cpl - mouse properties
• mmsys.cp, - Sounds and Audio device properties
• ncpa.cpl - Network connections
• netsetup.cpl - Network Setup Wizard
• nusrmgr.cpl - User Accounts
• odbccp32.cpl - ODBC Data source Admin
• powercfg.cpl - Power properties
• sysdm.cpl - System properties
• timedate.cpl - time and date properties
• wscui.cpl - Windows security center
• compmgmt.msc - Computer Management
• devmgmt.msc - Device Manager
• perfmon.msc - Performance monitor
• services.msc - Services
• secpol.msc - Local policy editor
• eventvwr.msc - Event Viewer