Security on Win2K

[erislover]

I’m tinkering with security settings on a fresh Win2K install. I have the default administrator account with a password, but I wanted to tinker with seeing how far I could lock down my computer for a user and still use it relatively normally.

In the course of this, I created a new user (erislover, surprised?) and assigned it to the Users group which has pretty restricted use. Of course, this user cannot install programs. So far all I’ve been able to do is temporarily grant Power User/Admin privileges for an install, only to remove them again afterwards. The runas command from the console doesn’t seem to install programs like you’d expect.

Is there another way for me to install programs? Like, it prompts for an administrator password or something? Since w2k is profile-driven if I want this to work properly I have to be logged in under the erislover account. Any luck or am I stuck with modifying privileges, logging out, logging in, installing, changing privileges, logging out… ?

[MC_E]

Hold down the shift key and right click on the icon for an installer. There will be a “Run As” option there that works very well. I probably use it 5-10 times a week and almost never have a problem installing anything with a regular “User” logged in and using the local “Administrator” account to install.

[erislover]

Heavenly. Thank you very much.

[erislover]

Worked perfectly. Thanks again.

[MC_E]

erislover:

Worked perfectly. Thanks again.

No problem… glad I could help out.

[Ximenean]

One thing I had trouble with – it can be difficult to use ‘Run As…’ with Explorer, which you might well want to do. This is because explorer.exe is already running under the non-Administrator account. A couple of ways round it - you can use Internet Explorer (iexplore.exe) instead (it allows you to navigate to local drives, where it functions much like Explorer) or, while logged in as Administrator, open an Explorer window and enable ‘Launch folder windows in a separate process’ under Tools/Folder Options/View.

[MC_E]

Usram:

One thing I had trouble with – it can be difficult to use ‘Run As…’ with Explorer, which you might well want to do. This is because explorer.exe is already running under the non-Administrator account. A couple of ways round it - you can use Internet Explorer (iexplore.exe) instead (it allows you to navigate to local drives, where it functions much like Explorer) or, while logged in as Administrator, open an Explorer window and enable ‘Launch folder windows in a separate process’ under Tools/Folder Options/View.

My trick for that issue is to map a drive to the c$ share of the PC you are using, mapping it with the administrator user name and password. You can then access the drive as the administrator could.

Did I explain that clearly? I do it on 2000 Pro and XP Pro, not sure if it works on XP Home.

[Ximenean]

MC$E:

My trick for that issue is to map a drive to the c$ share of the PC you are using, mapping it with the administrator user name and password. You can then access the drive as the administrator could.

Yeah, I don’t like to have the Server service running if I can avoid it, though.