DropMyRights.NET

I recently stumbled on this very interesting article about a very useful utility for people like me who work on Windows under administrator accounts. It can transparently reduce the rights of any program you use, including your web browser, email client and instant messenger application. DropMyRights executes the application under your normal user account, but it runs it with a different - lower privilege, more secure - user profile.

Using this utility can significantly reduce your vulnerability to internet-based attacks, such as the recent Beagle worm. If you accidentally execute this malware (or if it exploits a bug) from your low-privilege browser or email client, it will be unable to install itself because it doesn't have the privileges to create files under the Windows-, System32- and Program Files-directory, write registry keys in HK_LOCAL_MACHINE, terminate various processes such as virus scanners, etc.

DropMyRights.NET is our version of the DropMyRights utility. It's rewritten in C# and has some slight changes from the original version:
 - it doesn't briefly show a console window when starting an application with reduced privileges
 - our version supports passing command-line parameters to the low-priority application

Usage of DropMyRights.NET is very straightforward. If you want to start an application with less privileges, change the shortcut to

C:\...\DropMyRights.exe [N|C|U] {path} {command-line parameters}

where
'C:\...\DropMyRights.exe' is the full path of the DropMyRights.NET utility
'N' starts the application under a 'normal user' profile
'C' starts the application under a 'constrained user' profile
'U' starts the application under a 'untrusted user' profile
{path} is the full path of the executable you wish to run with a low-privilege profile
{command-line parameters} are the optional parameters that will be passed to the low-privilege application

For instance, the link I use to start Internet Explorer under a low-privilege account on my computer is:

"C:\Program Files\DropMyRights\DropMyRights.exe" N "C:\Program Files\Internet Explorer\iexplore.exe"

Keep in mind that running some applications under a constrained or untrusted user profile may cause problems. For instance, if you run IE under a constrained or untrusted context, it will be unable to download files. Hence, the 'normal user' profile will be the one that you use the most.

This application requires Windows XP, Windows Server 2003 or higher.

  Version History