How to Easily Run Programs With Reduced Rights

Having full administrator rights gives the user the highest level of privilege possible. It means that Windows will allow a user to pretty well do anything they want on their PC. That includes installing any program they choose, even programs that change the way the operating system works. Many malware programs including root kits require administrator privileges to install. If users operated with reduced rights such programs couldn't as easily infect their PCs. On other operating systems such as Linux and Mac OS X, users normally run with reduced rights. The more recent versions of Windows do in fact allow users to be assigned to different user groups with different privileges. In order of reducing privilege these are: "administrator", "power user" group, "user" group and "guest". Sign on as the reduced rights user for normal PC use and then logout and use the administrator rights user account for program installation, registry editing and other demanding tasks. In this way by having two user accounts on PC: one with full administrator rights and the other with reduced rights. Constantly switching users or logging in and out of these accounts is a pain . Always operate as a reduced privilege user and use the special Windows "run as" function from the command window or context menu when you needed to run a program that requires administrator privileges. It's a slightly more workable solution but not exactly convenient as you need to enter your admin account password every time. An Open Source utility called RunAsAdmin Explorer Shim( RES). RES is a Windows XP program that allows you to sign-in as an administrator but work within a Windows shell with reduced rights. It works by placing an icon in the system notification area of your tray. Clicking this icon brings up a menu that allows to run programs with several different level of trust from "administrator" through to "user." With this can do day-to-day work in a restricted rights shell but easily run any program that requires elevated privileges without the need to logoff or enter the admin password. You have the advantage of safety and convenience at the same time. It wasn't built into Windows XP. There are also two versions available: a stable V1 release and a V2 beta. I installed the latter is working fine though. It took a few setting changes and reboots to get everything working perfectly. It's definitely not a task for the faint hearted or technically challenged but neither is using "run as." To un-install RES start up a command window with admin rights and enter the command c:\Windows\Shim\Explorer.exe /r Logoff as the current user and while re-login, the usual rights for that user account.Then can delete the c:\Windows\Shim\Explorer.exe folder. Non technical users will have to use Windows Vista to get a satisfactory solution to the user rights problem. Setting up a limited account may be easy but using it can be a real pain. For example you won't be able to install most programs. You won't be able to update others. Most users though, find using a limited account to be simply too embarrassing and inopportune. That said using a limited account is an excellent solution for advanced users.