[lotuseclat79]

Here is how to Run a Web Browser (or any other Internet facing application, like Email clients) from an Admin account with reduced permissions. Visit the following two web pages at MS and download the two .msi files.

DropMyRights.msi: http://msdn.microsoft.com/library/de...re11152004.asp
SetSafer.msi: http://msdn.microsoft.com/library/de...rity/safer.asp

In order to implement the strategy of dropping your Admin rights for any Internet facing application, you will need to follow the instructions on the 2nd webpage which is Part 2. There, the instructions are straightforward for implementing the Local Security Policy revisions which is the method I used.

In other words, if you just create a revised shortcut from the information in the 1st web page, it will not work until the information in the 2nd web page is applied.

In order to properly verify the dropped priviledges of the executable, it is recommended to download/install/run Process Explorer and double-click on the (web browser) process to display the security privledge under which the process is executing. Process Explorer v9.25: http://www.sysinternals.com/Processe...Utilities.html

One caveat is that you will have to reboot to actually see the changes, since they are registry related, and the registry changes are not dynamic AFAIK, but take effect on the next startup.

Another caveat is that when getting Windows Updates you will probably have to kill the Normal user instance of your browser and startup an Administrator level privilege instance of the web browser to get the Windows Updates - easy to do, as explained at the end of the 2nd web page above.

-- Tom