Browsing the Web and Reading E-mail Safely as an Administrator

We all know that it’s a bad idea to surf the Web on a network server. In fact, it’s not a good idea to surf the Web on any computer where you are logged on as Administrator. A lot of malware causes harm because the user browses the Web while he/she is logged on as an Administrator. Michael Howard has written a tool called “DropMyRights”, which should solve this problem. DropMyRights is a very simple application to help users who must run as an administrator run applications in a much-safer context than that of a non-administrator. It does this by taking the current user’s token, removing various privileges and SIDs from the token, and then using that token to start another process, such as Internet Explorer or Outlook. This tool works just as well with Mozilla’s Firefox, Eudora, or Lotus Notes e-mail.

Simply copy DropMyRights.exe to a folder. Then for each application you want to run in lower privilege, follow the steps described in this article.

Update: July 15, 2017

DropMyRights is an old tool and is no longer available or applicable. Michael Howard posted an update on DropMyRights on August 13, 2007. In his post he mentioned that “this tool is not needed on Windows Vista or Windows Server 2008, because by default users are not administrators.” Newer operating systems that came after Windows Vista and Windows Server 2008 continue to offer the same kind of protection so this tool is no longer necessary.