Security change in XP sp3 and windows 7
Posted on 2010-09-15
This was brought to my attention today by one of our helpdesk staff. In the past using windows xp sp2 we used to be able to select the internet explorer icon from the quick launch bar right click and select run as. This would allow you to enter alternate credentials, say those of an administrator. '
At this point you would be running internet explorer as the admin user account. I have confirmed that this part still works. Using the run as on internet explorer you can still open an ie window as admin user.
Now here is the tricky part. In service pack 2 what you used to be able to do was type C:\ in the admin internet explorer session and you would then get an explorer window that appeared that was also running in an admin context. From this explorer window you could do pretty much anything you wanted add/delete files, add printers, etc.
It appears that in xp sp3 and windows 7 there was some kind of security modification made that no longer allows you to do this. You can launch the admin IE session but when you type C:\ and hit enter you are present with an explorer window using the currently logged on username. Tested this by running the echo %username% command.
Furthermore even directly right clicking and selecting run as on a cmd.exe in windows/system32 will allow it to open as the user you enter credentials for but when you attempt to run explorer.exe nothing will happen.
Its almost as if MS disabled the running of explorer.exe as anyone but the logged on user account. Does anyone know if this is true and if so is there a way around this? Is there any documentation as to why this might have been done?