My XP Non-Admin Configuration
Having been unable to find the document I know I wrote documenting the stuff I did to set up my non-admin environment on prospertine, I’m starting from scratch.
First, during setup anelson had admin rights; there are some security issues with this, as the user anelson will have write privs on some folders that he shouldn’t, but I’m not going to worry about that now.
I created an admin user, god (no, I don’t use the stock Administrator account). I removed my user account, anelson, from the Administrators group.
I added anelson to the __vmware__ group so I can still use VMWare, and granted Log on as a batch job permission as well.
Next I set up my environment based on the Keith Brown’s guidance:
I created a folder, G:\Tools\AdminShell, which still store all the admin stuff.
In this folder, I created admin_shell.cmd, which will be used to start an admin shell based on Keith Brown’s, but without the domain credentials since I’m not on a domain.
That’s a start, but there are a few things I have to do with admin privs rather often:
- Munge firewall rules
- Browse the filesystem and run files
- Access the control panel
The last two can be done from Explorer, but explorer.exe can’t simply be run from an admin shell, since it will instead adopt the credentials of the existing explorer window. The relevant blog post offers a workaround.