Link to home
Start Free TrialLog in
Avatar of DeepThnkr
DeepThnkrFlag for United States of America

asked on

How to run without administrator rights, and with convenience?

I am a one man IT shop here,  we are a non-profit with 65 XP SP3 PCs on a Windows 2003 domain.  We (I) will have to implement a policy of not running as Administrator - of course  it seems everything I touch needs admin privaleges.

How do other people do this practicaly without logging in and out a dozen times a day?  
Part two - does anyone use a software solution? There must be something less painful than runas!  (And no, Linux doesn't count, sorry...)

Unfortunately using better authentication (tokens) would not mitigate the risk of reading email as administrator...

Thanks,

Rich
SOLUTION
Avatar of leakim971
leakim971
Flag of Guadeloupe image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
ASKER CERTIFIED SOLUTION
Avatar of Shift-3
Shift-3
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Avatar of dicconb
dicconb
Flag of United Kingdom of Great Britain and Northern Ireland image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of DeepThnkr
DeepThnkr
Flag of United States of America image

ASKER

Thanks for the thoughtful comments.
My question is primarily about me running as an Admin.

This comes up as part of our self-certification for PCI DSS V1.2.
We can't share any user accounts at all since this is a requirement of PCI DSS V1.2.
We will have to create individual admin accounts for our admins.  And then I will have to run as a regular user day to day.

The console idea is a good one.  I already use ManagePC - which is pretty much MMC on steroids (with a little bit of WMI).  Its free and definitely worth looking into.

Users don't have administrator privalege here, but they are in Power Users - which fixes most apps.  I can apply the Process Monitor idea to reign in the balky apps, and remove user's membership in Power Users.

Thanks for your help all,

Deepthnkr