Get your friends and family, all those folks that come to you for computer help once their machines have become hopelessly hijacked and infected by spyware and malware, to learn how to run as non-admin.
Aaron does a webcast you can watch (passport sign-in required) to teach them all how to use Run As way more often and reduce the attack surface of their home machines. Once you clear the registration bars, you can download this preso for offline viewing. Find the preso here TechNet Webcast: Tips and Tricks to Running Windows with Least Privilege (Level 300).
Read Aaron’s blog for more info. Like the info below:
The “why” posts:
Not running as admin…
Why you shouldn’t run as admin…
“Zero-day” attacks and using limited privilege
Expect to see more malware predating the patches – and how you can protect yourself. (Or, “Why you shouldn’t run as admin, Part 2”)
And then the “How-To” posts:
The easiest way to run as non-admin
This is the really important one for your non-techie friends and relatives …
“RunAs” basic (and intermediate) topics
A whole lot of detail about how to use “RunAs” to run programs under a different account.
RunAs with Explorer
How to get Windows Explorer to work with RunAs (and why you might want to).
MakeMeAdmin — temporary admin for your Limited User account
How to quickly and temporarily give your non-admin account administrator privileges, without having to log out.
MakeMeAdmin script updates, and a security setting you should change
PrivBar — An IE/Explorer toolbar to show current privilege level
A toolbar for Explorer and Internet Explorer that shows you broadly at what privilege level that particular instance is running
Running restricted — What does the “protect my computer” option mean?
What does it mean to “Run as current user” with the option to “Protect my computer and data from unauthorized program activity”?
Remembering Calculator and Character Map Settings
Managing Power Options as a non-administrator
Ctrl-C doesn’t work in RUNAS or MakeMeAdmin command shells
Changing the system date, time and/or time zone
Addressing one of the most common complaints about running as non-admin
How to allow users to manage file and print shares without granting other advanced privileges