My limited user seems not so limited (XP)

Having a problem..  In an effort to better secure my home computer, I
created a new admin-level user (this is XP Home, by the way) with a
really long password, logged in as THAT user and changed my usual
account and my wife's account to "limited user" level.  Then I shut
down and restarted the computer.  Logged in as my usual self (now
LIMITED, mind you) and proceeded to test if I really was locked down
like I wanted.

So I went into my Norton antivirus and tried to change settings - no
dice.  *Good* so far, right?  I tried creating files on c:\ and got
access denied.  GOOD, right?  Well, next I downloaded some software off
the internet and installed it and it installed just fine, even making
registry entries all over the place.

WHY???  Why was the software install not blocked?  I was able to
install both Google Earth and a Trojan simulator called
TrojanSimulator, which is now resident in memory (TServ.exe) AND has a
registry entry to help it start up next time I reboot (nice, huh?)

I thought the limited user in XP was supposed to prevent this crap!!

Re: My limited user seems not so limited (XP) wrote:
Having limited user rights does not prevent you from running malware.

Having limited user rights does prevent malware from doing too much harm
without an extra privilege elevation, though. And having limited user
rights does lead to a situation where, when malware is detected, you
don't need to flatten and rebuild the complete computer; it's enough
to delete the infected user profile (if it is certain that no
privilege elevation was possible), so it's much faster to recover to a safe

Far worse than the implementation of PHP, however, is its design.

                              Rudolf Polzer in

Re: My limited user seems not so limited (XP) wrote:

Good, but actually strange, because the default permission would normally
allow you to create new folders (but no files) in the root directory. I
normally remove that permission, as it allows users to clutter the root
folder with junk.

Because it was compliant with your permissions.

Because you didn't explicitly deny exec rights? Because you didn't
explicitly configure Software Restriction Policies to globally remove
exec rights?

What crap? Works as supposed and designed.

If you don't want the user-specific autorun entry, you can disable it,
either directly or by group policy:

"DisableLocalUserRun"=dword:1
"DisableLocalUserRunOnce"=dword:1

What I recommend is to move the startmenu "Startup" autostart to some more
visible location and to disable any other autostart locations. Then the
user has a clear overview over any startup entry in a pure file-based form
(with no need to use any specific tool like a registry editor).

And actually it's quite good that Google Earth installs flawlessly with
limited rights. However, it's still true that it wouldn't require any
installer at all, and badly written installers are the most common source
for failures on installation. As I already mentioned, one can even make
Adobe PhotoShop CS2 install and run without any installer and any
administrative access.
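
An audit sketch for the per-user autostart entries discussed in this thread, added here as an example and not code from any of the posters: it parses the text output of `reg query` for the current user's Run and RunOnce keys and reports entries whose program lies outside directories a limited user cannot write to by default. The sample output, its paths and the trusted-directory list are constructed assumptions.

```python
import re

# Per-user autostart keys that a limited account can write without elevation.
USER_AUTORUN_KEYS = {
    r"hkey_current_user\software\microsoft\windows\currentversion\run",
    r"hkey_current_user\software\microsoft\windows\currentversion\runonce",
}
# Assumption: default XP ACLs, where limited users cannot write to these trees.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\")

# "<indent>name<sep>REG_TYPE<sep>data"; reg.exe separates with tabs or spaces.
VALUE_RE = re.compile(r"^\s+(.+?)\s+(REG_[A-Z_]+)\s+(.*)$")

def parse_reg_query(text):
    """Yield (key, value_name, data) tuples from `reg query` text output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and (m := VALUE_RE.match(line)):
            yield key, m.group(1), m.group(3)

def exe_path(command):
    """Return the program path from an autostart command line."""
    command = command.strip()
    if command.startswith('"'):                 # quoted path, arguments follow
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", command, re.I)
    return m.group(1) if m else command         # unquoted path may hold spaces

def audit(text, trusted=TRUSTED_DIRS):
    """List (subkey, value_name, command) for per-user entries outside trusted dirs."""
    findings = []
    for key, name, data in parse_reg_query(text):
        if key.lower() not in USER_AUTORUN_KEYS:
            continue                            # machine-wide keys need admin rights
        if not exe_path(data).lower().startswith(trusted):
            findings.append((key.rsplit("\\", 1)[1], name, data))
    return findings

# Constructed sample; only the file name TServ.exe comes from the thread.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    Example Updater    REG_SZ    "C:\Program Files\Example\updater.exe" /quiet
    TServ    REG_SZ    C:\Documents and Settings\user\Local Settings\Temp\TServ.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Example AV    REG_SZ    C:\Temp\av.exe
"""

if __name__ == "__main__":
    for subkey, name, command in audit(SAMPLE):
        print(f"{subkey}: {name} -> {command}")
```

Data containing environment variables such as `%SystemRoot%` is not expanded here, so such entries are reported and need a manual look.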
