Drop My Rights

Your Windows XP computer will be more secure online if you run under a limited account, rather than with an administrator account. But that is very inconvenient for many users.

Vista and Windows 7 make it much easier to run as a "Standard User".

I'd be remiss not to point out an extensive source of information on running with reduced rights that I found after generating this page.

Living with reduced rights >>>

If you find it unworkable to run under a limited account, it's advisable to at least run your internet-facing programs -- browser, email program, media players, etc. -- with reduced privileges. It's what I do. ;-)

DropMyRights from Microsoft

One way to set this up is to install a simple program -- DropMyRights -- and create up some special shortcuts (icons) for your internet-facing programs. [instructions below]

Michael Howard's article was the first place that I found that tells how to use Microsoft's DropMyRights program (free).
I also created some special DropMyRights shortcuts for Firefox, Thunderbird, Outlook Express, Internet Explorer and Windows Media Player. You'll need to use them or clone [instructions below] your own to use DropMyRights.
Michael Horowitz at CNet has a nice article on using DropMyRights for internet-facing programs.
Gizmo Richards at Tech Support Alert also has a comprehensive article on using DropMyRights.
I have added my own instructions for using DropMyRights below.

Better (?) alternatives to DropMyRights

Mark Russinovich of Sysinternals describes alternative ways to run Internet-facing programs with reduced rights. One of them uses PsExec. PsExec uses the same "CreateRestrictedToken" function that "Drop My Rights" does. The article will give you a better idea of what's involved.
I'm now using Online Armor Personal Firewall, which I also use to run my internet-facing programs with reduced rights. It's particularly handy because you can easily run the program at full rights directly from Online Armor.
To temporarily run a program with full rights, close all of the program's windows, and then use Online Armor to "Run normal." [Open the "Programs" section in the "Configuration" window of Online Armor (from the Tray area of your Taskbar) > Right-click the program whose rights you want to temporarily elevate > select "Run normal", and it will open in "Normal" (administrator) mode.] [more tips
I previously used DefenseWall HIPS, which also makes it easy to normally run programs with reduced rights, but to elevate them when necessary.

Instructions for DropMyRights

Install DropMyRights

Download the DropMyRights.msi file from Microsoft. Look for the link on the page.
Double-click the file's icon to start installation.
Install DropMyRights in C:\Program Files\DropMyRights\ If you pick another folder my shortcuts won't work without modification.
Note: DropMyRights is not a program that you open in the normal way. It works behind the scenes to open the target program, e.g., Firefox. You may see a small black window flash on and then off after it starts a program with Limited rights.

Create special shortcuts (icons)

Download DropMyRights.zip which contains special shortcuts that I created to use with DropMyRights.
They assume that you installed DropMyRights.exe in C:\Program Files\DropMyRights\ -- otherwise see "Cloning/modifying shortcuts" below.
Unzip DropMyRights.zip and extract the shortcuts anywhere you want them, e.g., on your Desktop.
Double-click the shortcuts to start your internet-facing programs under limited rights.
Note: Keep the original shortcuts for your Internet programs. Sometimes, for example to install plugins like Shockwave, it's necessary to run these programs with full rights. After you finish, be sure to close the program and restart it with reduced rights.

Running programs under limited rights

Be sure you start these internet-facing programs yourself, using the DropMyRights version of the shortcut for each one. Do not start them with another icon or method, e.g., from Windows Explorer, or by clicking an Internet shortcut.
If you allow another program to open these programs, they will be running with full, not reduced rights.
If a program is already running (it's window(s) is/are open) with full rights, close all those windows before starting the program with limited rights. Otherwise the program will continue to run with full rights.
You'd need to reverse that sequence to switch back from limited to full rights.
If you recieve an attachment, for example a Word document, download it, and then drag it to the shortcut to open both the program and the attachment. You can also drag it to the program window directly.

Cloning or modifying limited rights shortcuts (icons)

You can also create "DropMyRights" shortcuts for other programs. Just clone one of the examples, as shown in my directions below. Use the same approach to modify shortcuts if you have installed DropMyRights.exe in a folder different from C:\Program Files\DropMyRights\.

• map of security section

• email security
• web smarts
• catalog of threats
• elements of defense
• security software
• strong passwords
• 7 steps to security
• bullet-proof security
• WiFi and hotspot security
• how to wipe your hard drive
• how to remove malware

• attack vectors: deception: the #1 threat; spam and scams; phishing; bogus and booby-trapped webpages; poisoned ads, comments, etc.; popup warnings; drive-by email; attachments; downloads; social and p2p networks; hackers and worms
• malicious content: spyware; viruses and worms; trojans

"You can safely assume that you've created God in your own image when it turns out that God hates all the same people you do." --Anne Lamott

Start the cloning process by copying and pasting one of the original shortcuts to create a new one.
Right click the new shortcut, and select "Properties". You'll get a dialog box similar to the one at the right.
Notice that the Target: is "C:\Program Files\DropMyRights\DropMyRights.exe" (quotes are included in this situation). What you don't see is the argument that is passed to DropMyRights.
Right-click the text in the Target line and select copy. [If it is not already selected (blue) then click "select all" and then you should be able to copy.]
Paste the text to Notepad or Wordpad. Here's what you'll see:

"C:\Program Files\DropMyRights\DropMyRights.exe" "C:\Program Files\Internet Explorer\iexplore.exe"

(Except it will all be on one line, with one space between the two text segments as shown again below the image.) The astute will have realized they can just copy the line from this page. :-)
Now comes the fun part: Replace the second text segment with the path to the executable file for the program you need a shortcut for. For example, it would be

"C:\Program Files\FeedDemon\FeedDemon.exe"

for my web feed reader.
Copy this new line and paste it into the Target line, replacing what was there before.
Next, click the "Change Icon..." button, and navigate to the program's executable file, e.g., FeedDemon.exe, and select the icon you like.
Click OK, and then try out your new shortcut. You should see a brief flash, maybe even a black box for an instant, and then your program will open. It will be running with limited rights.

Here is what you will be working with in Notepad (or Wordpad). Copy the original line, and then edit it to create the cloned line. Notice the single space between the two segments of each line. Mucho Importante!

"C:\Program Files\DropMyRights\DropMyRights.exe" "C:\Program Files\Internet Explorer\iexplore.exe" original line
"C:\Program Files\DropMyRights\DropMyRights.exe" "C:\Program Files\FeedDemon\FeedDemon.exe" cloned line