Hidden Microsoft Security Gem

So, Max has been fun to play with – if only for its basic photo slideshow capabilities. The newspaper-styled feed reading is a bonus, although I’d like to see its layout aesthetics merged with FeedJournal functionality (which pumps out PDFs of your feeds for free). This is the kind of “Windows” I just can’t wait to see on the desktop.

But as the title of this entry states, there’s a Microsoft security tool that really hasn’t received the attention it deserves: DropMyRights. Bad name, great idea. With it, you can easily run programs outside of Administrator mode:

DropMyRights is a very simple application to help users who must run as an administrator run applications in a much-safer contextâ€?that of a non-administrator. It does this by taking the current user’s token, removing various privileges and SIDs from the token, and then using that token to start another process, such as Internet Explorer or Outlook. This tool works just as well with Mozilla’s Firefox, Eudora, or Lotus Notes e-mail.

10 thoughts on “Hidden Microsoft Security Gem”

  1. Pingback: SocioBiblog
  2. Did you look at the screenshots? I’m curious as to why a Microsoft Senior Security Program Manager has screenshots with the location as C:\warez\…

    Everyone that’s been around the block knows that ‘warez’ refers to pirated software. Gee.

  3. Pingback: LUX.ET.UMBRA
  4. We noticed that the originel DropMyRights version by Microsoft is implemented as a Win32 Console Project and you will see a command window flashing by, however short, but still irritating.

    So what I did a couple of weeks ago is just recompile it as a real Win32 window based application, added some messagebox error messages to it. The rest is of course the same only that is now available to you all!

    Check here: http://www.techlog.org/archive/2005/08/29/dropmyrights__the_gui_version

  5. Warez are said to contain trojans and such, so a Senior Security Program Manager would probably keep them in their own folder, with DropMyRights there in order to test security.

Leave a Reply

Your email address will not be published. Required fields are marked *