Tip for Switching Users ...

Status
Not open for further replies.
D

DelJo63

For users logging in on Limited Access Accounts (which is highly recommended for extra security protection):

While Limited Rights adds security, it also impacts your maintenance activities,
such as changing system settings, altering users passwords, install/remove programs.
This typically requires you to
  1. Switch Users to the Admin account,
  2. perform the task
  3. and then Switch back to your Limited Account;
... gets to be an annoyance.

Here's a tip that will save you lots of time:

For any shortcut on the desktop and most items on the Start Bar,
you can right-click for a menu, which may contain a Run As... entry.
Slide to it and click. A dialog appears with the
which user account do you want to run this program?
The second radio button will enable the User Name & Password text boxes
where you can enter the Admin name for your system and its password.

To get Admin Rights:

If you right-click on a Command Prompt shortcut and Run As Admin,
you can enter control and perform tasks from the Control panel :)
including Add/Remove, Admin Tools, User Accounts, System .....

You can even launch the explorer.exe but it will understand how you
got here, so don't try the MS Updates on IE ... it will force you into a
real Switch User scenario :(

As long as you keep the Command Prompt window, it will retain the correct
privileges to perform other tasks ...

If you can get Admin rights, you can also Run As any other user login,
eg: when logged into Admin, you can Run As joe-limited-user to read email :)


[moderator: like to see this under Guides and Issues Solved please :) ]
 
Yes, I use 'run as' regularly in the limited access account, but am slightly disturbed by one aspect. Although the pc is well protected from intrusion (I hope), should a keylogger be tucked away somewhere, I have given away my admin password and opened up the protected area.

Of course the same thing applies for those jobs which must be done on line as administrator.
 
Hatrick said:
should a keylogger be tucked away somewhere, I have given away my admin password and opened up the protected area.
if there is one, it's likely to be running at login anyway so your snafu already
 
No, I've no password for limited access a/c - pointless - and I go there directly at login if going online.

Of course, you are right if the loggers install themselves in Windows, but they can only do that if I use 'run as' or go online as admin, can't they?
 
Hatrick said:
No, I've no password for limited access a/c - pointless - and I go there directly at login if going online.
OUCH! Lot's of luck -- I'm paranoid and run a secured system and thus would
never allow an account w/o a password

Of course, you are right if the loggers install themselves in Windows, but they can only do that if I use 'run as' or go online as admin, can't they?
one can only hope, but it's better to not ASSUME
define assume:making an A** out of You and Me
 
Surely the password is only protection until it's used? Once logged on, with or without it, you are down to firewall, spyware and anti-virus protection.

I like the definition. Yours?
 
Hatrick said:
Surely the password is only protection until it's used? Once logged on, with or without it, you are down to firewall, spyware and anti-virus protection.
obviously. the issue is to make it difficult to use a back-door to gain access to
ANY account, not just the admin. fyi: simple file sharing uses the guest account and its password -- strongly suggesting you need one there too :)
I like the definition. Yours?
no :)
 
Hatrick said:
Guest a/c is off, so no back door - except through 'run as'.
sorry, not so. Guest Account inactive only prohibits keyboard login, not file sharing access. See MS KB articles on file sharing :)
 
Status
Not open for further replies.
Back