Solved

Guest Account.

Posted on 2006-10-25
2
384 Views
Last Modified: 2010-04-11
Hi!
I recently got a virus infection.
Think i got it from opening a mail.
My antivirus did not block it in time.

Anyway, have reformatted it.
As now is a new system, was initially thinking of setting this account to ONLY guest group.
As then this will NOT allow me ( guest account ) to write into registry and stuff like that.

I heard that some apps needs "write" access and was wondering if anyone can point the direction to me which are the ones needed.
Maybe like normal.dot? or something like that.

This computer is for office use.
So it wont be "installing" any apps very often.

Please advice.
Cheers!
Darence
0
Comment
Question by:darenceang
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 18

Accepted Solution

by:
PowerIT earned 25 total points
ID: 17802418
Use the tools from sysinternals to monitor the registry and file access of an application.
Regmon and filemon:
http://www.sysinternals.com/Utilities/Regmon.html
http://www.sysinternals.com/Utilities/Diskmon.html

What you are trying to implement is called 'user least privilige' and I'm glad you are doing it. From a security standpoint this is a very good idea.
But don't overdo it. A normal user account is also OK, guest is not required.

J.

0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 17802723
The Principal of least privilege can be hard to adjust to. There are tools like RunAs built into M$ win2k, XP, 2003, that will help you with this. When a program, like a setup.exe or setup.msi need to be run with a higher privilege, you can use runas to give that app admin rights so it can install or run. There are many games and other software that need to write to certain directories or to the registry that can't because the group the account is in doesn't have a high enough priv, runas will allow you to remain logged in as the same user, but run the app as a different user. I have a runas script that allows you to drag and drop a setup.exe for example on to the .vbs (or vbe if you encrypt the .vbs). The password is stored in the script itself, or you can simply use runas by right-clicking the program and select runas, then enter "administrator (or whatever admin account you'd like to use) then the password" or you can use runas from the command line.
http://www.xinn.org/RunasVBS.html
Here are some great tips and programs that can also help! http://nonadmin.editme.com/ 
http://nonadmin.editme.com/sudoWn 
http://sourceforge.net/project/showfiles.php?group_id=143653&package_id=157780&release_id=427299
http://launch-admin.sourceforge.net/
http://nonadmin.editme.com/UsefulTools
http://richrumble.blogspot.com/2006/08/anti-admin-vs-anti-virus.html
-rich
0

Featured Post

Surfing Is Meant To Be Done Outdoors

Featuring its rugged IP67 compliant exterior and delivering broad, fast, and reliable Wi-Fi coverage, the AP322 is the ideal solution for the outdoors. Manage this AP with either a Firebox as a gateway controller, or with the Wi-Fi Cloud for an expanded set of management features

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
Smart phones, smart watches, Bluetooth-connected devices—the IoT is all around us. In this article, we take a look at the security implications of our highly connected world.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question