Sign in with
Sign up | Sign in
Your question

IE problems with bookmarks when started with 'runas'

Last response: in Windows XP
Share
January 29, 2005 11:25:41 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

-Bookmarks created when IE is "runas" the limited account in XPHome require
restarting IE in order to become visible.

-When IE is started using "runas" and the option "Protect my computer and
data from unauthorized program activity", bookmark functionality is
nonexistent.

How can IE be operated using these more secure options while retaining
bookmark functionality?
Anonymous
a b 8 Security
January 30, 2005 1:00:10 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

"tom" <cyberhun@shaw.ca> ha scritto nel messaggio
news:9jSKd.203704$Xk.8453@pd7tw3no...

> -Bookmarks created when IE is "runas" the limited account in XPHome
> require restarting IE in order to become visible.
>
> -When IE is started using "runas" and the option "Protect my computer and
> data from unauthorized program activity", bookmark functionality is
> nonexistent.
>
> How can IE be operated using these more secure options while retaining
> bookmark functionality?

Bookmarks are user-specific; if you run IE in another user's context, it's
not a surprise they don't work.
You could try giving full control permissions to that user account on the
folder "C:\Documents and settings\your_main_username\Favorites", where your
bookmarks are stored. But I don't know if this work, chances are IE will use
the bookmarks in the other user's profile when ran under his account.

Massimo
January 30, 2005 2:15:08 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Giving full priviliges to the limited account is the most ridiculous
suggestion I've ever heard --- that's why it's a limited account, so it
doesn't have full priviliges.
Anybody else have any ideas?


"Massimo" <barone@mclink.it> wrote in message
news:o qnHEWkBFHA.2640@TK2MSFTNGP14.phx.gbl...
> "tom" <cyberhun@shaw.ca> ha scritto nel messaggio
> news:9jSKd.203704$Xk.8453@pd7tw3no...
>
>> -Bookmarks created when IE is "runas" the limited account in XPHome
>> require restarting IE in order to become visible.
>>
>> -When IE is started using "runas" and the option "Protect my computer and
>> data from unauthorized program activity", bookmark functionality is
>> nonexistent.
>>
>> How can IE be operated using these more secure options while retaining
>> bookmark functionality?
>
> Bookmarks are user-specific; if you run IE in another user's context, it's
> not a surprise they don't work.
> You could try giving full control permissions to that user account on the
> folder "C:\Documents and settings\your_main_username\Favorites", where
> your bookmarks are stored. But I don't know if this work, chances are IE
> will use the bookmarks in the other user's profile when ran under his
> account.
>
> Massimo
>
Related resources
Anonymous
a b 8 Security
January 30, 2005 8:17:55 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

"tom" <cyberhun@shaw.ca> ha scritto nel messaggio
news:0OUKd.205688$Xk.149266@pd7tw3no...

> Giving full priviliges to the limited account is the most ridiculous
> suggestion I've ever heard --- that's why it's a limited account, so it
> doesn't have full priviliges.

I didn't suggest to give unlimited privileges to that account; I only
suggested to give it full control access on your bookmarks' folder.
If you want that account to be able to edit your bookmarks, that's the
absolutely minimum it would need.
Anyway, the whole idea of managing your bookmarks using another user account
is totally crazy: as I said before, bookmarks are totally user-specific;
they have a fully devoted folder in the user profile, and are definitely
*not* managed at the system level.

Massimo
January 30, 2005 8:50:55 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I'm not TRYING to manage my bookmarks using another account (READ THE
QUESTION) --- I'm trying to run IE securely, using the method provided for
by XP: THE COMMAND KNOWN AS "RUNAS".

Is anyone else reading these questions?


"Massimo" <barone@mclink.it> wrote in message
news:cthn5b$1ass$1@newsreader1.mclink.it...
> "tom" <cyberhun@shaw.ca> ha scritto nel messaggio
> news:0OUKd.205688$Xk.149266@pd7tw3no...
>
>> Giving full priviliges to the limited account is the most ridiculous
>> suggestion I've ever heard --- that's why it's a limited account, so it
>> doesn't have full priviliges.
>
> I didn't suggest to give unlimited privileges to that account; I only
> suggested to give it full control access on your bookmarks' folder.
> If you want that account to be able to edit your bookmarks, that's the
> absolutely minimum it would need.
> Anyway, the whole idea of managing your bookmarks using another user
> account is totally crazy: as I said before, bookmarks are totally
> user-specific; they have a fully devoted folder in the user profile, and
> are definitely *not* managed at the system level.
>
> Massimo
>
Anonymous
a b 8 Security
January 30, 2005 9:27:50 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

"tom" <cyberhun@shaw.ca> ha scritto nel messaggio
news:3B_Kd.212528$6l.168057@pd7tw2no...

> I'm not TRYING to manage my bookmarks using another
> account (READ THE QUESTION) --- I'm trying to run IE
> securely, using the method provided for by XP: THE COMMAND KNOWN AS
> "RUNAS".

You don't seem to know what the RUNAS command actually does: it runs the
specified program in another user's context. If you open the Task Manager
and look at the "owner" column for the IE process, you'll see this quite
clearly.

RUNAS is typically used to run administrative tools if you're logged in as a
restricted user: you run them using an admin account without having to log
off and log on again with that account.
Another use is what you're trying to achieve: running a potentially insecure
program in a restricted user's context, to avoid damages to the system.
But RUNAS is not a "method for running programs securely", although it can
sometimes be used to accomplish this. It's an utility to run programs using
a user account different from the one you're logged in as.

The problem is: programs like IE or OE, which have lots of user-specific
settings and data, either in the Registry or in the user profile directory,
can expose strange behaviours when the user account you're running them
under is not the same as your main user account.

I'm not trying to flame you, like you seem to be thinking about my replies.
I'm just trying to explain the behaviour you're experiencing.


Massimo
January 31, 2005 2:57:52 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

If you are unhappy with my response to your input, why don't you just ignore
it? Does it mean THAT much to you? It would be better for you if you did
because every time you come back, you do so with an even more ridiculous
pile-of-nonsense than the previous one. Listen, can't you hear everyone
laughing at you?
Here's an example of what I mean;
You say:
------------------------------
> RUNAS is not a "method for running programs securely", although it can
> sometimes be used to accomplish this. It's an utility to run programs
> using a user account different from the one you're logged in as.
------------------------------
This is a verbatim quote from the MS help file on the command Runas. This
is the LEAD PARAGRAPH:
------------------------------
When you run Microsoft Windows XP Service Pack 2 (SP2) using the Computer
administrator account, your computer is more vulnerable to viruses and other
security risks than when you use the Limited account. For example, if you
are using the Computer administrator account when you visit a Web site that
contains a virus, a Trojan horse might be installed on your computer where
it could do things like reformat your hard drive, delete all your files, or
create a new user account with administrative access. By contrast, if you
are using the Limited account when you visit an Internet site that contains
a virus, your computer is less likely to be infected by it.
-------------------------------
Clearly, the single most important reason, according to MS, for switching
usr accts, is to run a given application (IE6, like in the MS example) MORE
SECURELY. As opposed to your assertion that "runas is not a method for
running programs more securely".
Massimo, I'm sure you mean well, and you do have some knowledge of
computers. Thankyou for your effort, but please find someone else to
harangue with your phlogisticated uber-crunk.





"Massimo" <barone@mclink.it> wrote in message
news:ctj5eh$21vb$1@newsreader1.mclink.it...
> "tom" <cyberhun@shaw.ca> ha scritto nel messaggio
> news:3B_Kd.212528$6l.168057@pd7tw2no...
>
>> I'm not TRYING to manage my bookmarks using another
>> account (READ THE QUESTION) --- I'm trying to run IE
>> securely, using the method provided for by XP: THE COMMAND KNOWN AS
>> "RUNAS".
>
> You don't seem to know what the RUNAS command actually does: it runs the
> specified program in another user's context. If you open the Task Manager
> and look at the "owner" column for the IE process, you'll see this quite
> clearly.
>
> RUNAS is typically used to run administrative tools if you're logged in as
> a restricted user: you run them using an admin account without having to
> log off and log on again with that account.
> Another use is what you're trying to achieve: running a potentially
> insecure program in a restricted user's context, to avoid damages to the
> system.
> But RUNAS is not a "method for running programs securely", although it can
> sometimes be used to accomplish this. It's an utility to run programs
> using a user account different from the one you're logged in as.
>
> The problem is: programs like IE or OE, which have lots of user-specific
> settings and data, either in the Registry or in the user profile
> directory, can expose strange behaviours when the user account you're
> running them under is not the same as your main user account.
>
> I'm not trying to flame you, like you seem to be thinking about my
> replies. I'm just trying to explain the behaviour you're experiencing.
>
>
> Massimo
>
Anonymous
a b 8 Security
January 31, 2005 4:31:35 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

"tom" <cyberhun@shaw.ca> ha scritto nel messaggio
news:4weLd.223805$Xk.4451@pd7tw3no...

> If you are unhappy with my response to your input, why don't you just
> ignore it? Does it mean THAT much to you? It would be better for you if
> you did because every time you come back, you do so with an even more
> ridiculous pile-of-nonsense than the previous one. Listen, can't you hear
> everyone laughing at you?

No, I can't. Because nobody is.

> Here's an example of what I mean;
> You say:
> ------------------------------
>> RUNAS is not a "method for running programs securely", although it can
>> sometimes be used to accomplish this. It's an utility to run programs
>> using a user account different from the one you're logged in as.
> ------------------------------
> This is a verbatim quote from the MS help file on the command Runas. This
> is the LEAD PARAGRAPH:
> ------------------------------
> When you run Microsoft Windows XP Service Pack 2 (SP2) using the Computer
> administrator account, your computer is more vulnerable to viruses and
> other security risks than when you use the Limited account. For example,
> if you are using the Computer administrator account when you visit a Web
> site that contains a virus, a Trojan horse might be installed on your
> computer where it could do things like reformat your hard drive, delete
> all your files, or create a new user account with administrative access.
> By contrast, if you are using the Limited account when you visit an
> Internet site that contains a virus, your computer is less likely to be
> infected by it.
> -------------------------------

That's completely true. I didn't negate you can use RUNAS to run programs in
a limited-user context. But RUNAS is a more general-purpose utility, which
purpose is, actually, to run programs as any user different from the one
you're logged in as.

> Clearly, the single most important reason, according to MS, for switching
> usr accts, is to run a given application (IE6, like in the MS example)
> MORE SECURELY.

That's not true. The main purpose of RUNAS is, as I stated, to temporarily
elevate your privileges when needed, because you should anyway be using a
non-administrator account for everyday use. And although many people
actually use administrator accounts to run their home systems, this is
particularly useful in a domain environment, where it's definitely dangerous
to use a domain admin account to, say, check your e-mail.

> As opposed to your assertion that "runas is not a method for running
> programs more securely".

That's not its main purpose, nor is RUNAS limited to doing that. But it can
be used for that purpose, although with some limitations where user-specific
data and settings are involved.

> Massimo, I'm sure you mean well, and you do have some knowledge of
> computers. Thankyou for your effort, but please find someone else to
> harangue with your phlogisticated uber-crunk.

You're free to think anything you like about RUNAS. But it won't help you
manage your bookmarks or your e-mail, because different user accounts are
involved when you use RUNAS, and IE and OE's settings and data are
user-specific.
That's it, plain and simple.

By the way, I've been using RUNAS since NT4. You're seeing it now for the
first time, and think it's a security feature of Windows XP SP2... it's a
lot older, and much more useful than you think. Here are some links on the
topic:

http://www.microsoft.com/resources/documentation/Window...

http://www.microsoft.com/resources/documentation/Window...

And here's something concerning your problem; as you can see, user profiles
*are* involved when using RUNAS:

http://support.microsoft.com/default.aspx?scid=kb;en-us;254094


Massimo
January 31, 2005 6:28:18 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Wow, you really are even more completely incompetent than I thought you
were.
Let me ask you a question: why are there such things as pivilege levels and
accounts?
In one word---security!
Why would anyone want to selectively alter their account/privileges?
SECURITY!
Even you say that this is the reason for runas:

> purpose is, actually, to run programs as any user different from the one
> you're logged in as.

and why would anyone want to do that?
could it be related reasons of, wait for it --- SECURITY?
You say it's more of a 'general purpose' utility. No it isn't. It has one
purpose --- to switch accounts, and switching accounts' main purpose is
(according to MS, as well as myself) SECURITY!!!

If I had more time I would make a WAV file of our IT group's collective
howls of
laughter at you, so that you COULD hear it (because brother, trust me, they
are out there and they are laughing and laughing HARD), but it might cause
irreversible damage to your obviously fragile mental state.

You seem to think that it is something worth bragging about that you are
familiar with MS os ware dating back to NT4 --- HAH, big wow. Were you
using NT because UNIX was too complicated for you?

Why, I was hand-coding assemby routines on the IBM System 360, for the
defence industry, with one hand, while fighting off commie infiltrators with
the other in the seventies. And doing field work on Navy crypto-gear in the
Gulf of Tonkin, and on digital repeater gear on mountaintops in Cambodia
with the NVA agents dragging my co-workers into the jungle and cutting open
their abdominal cavities with butcher knives and pulling all their
INTESTINES OUT!!! While you were sitting in your little pensiones, drinking
cappucino, and eating gelato ice cream, I was held prisoner for four years
in A TIGER CAGE WITH HUGE BLACK NORWAY RATS CHEWING ON MY TESTICLES!!!!!
Now we'll see what your made of, Mr Massimo, Mr
I'm-So-Smart-About-Computers, what have you got say about THAT?
Where are you going to go with this?
Anonymous
a b 8 Security
January 31, 2005 6:28:19 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Tom,

Massimo is totally correct.

This behavior is by default. IE determines which user it's being run as,
and accesses the bookmarks under that user's folder.

He's trying to help you...you might do well to listen to him.

Matt Gibson - GSEC


"tom" <cyberhun@shaw.ca> wrote in message
news:mBhLd.225041$Xk.82854@pd7tw3no...
> Wow, you really are even more completely incompetent than I thought you
> were.
> Let me ask you a question: why are there such things as pivilege levels
> and accounts?
> In one word---security!
> Why would anyone want to selectively alter their account/privileges?
> SECURITY!
> Even you say that this is the reason for runas:
>
>> purpose is, actually, to run programs as any user different from the one
>> you're logged in as.
>
> and why would anyone want to do that?
> could it be related reasons of, wait for it --- SECURITY?
> You say it's more of a 'general purpose' utility. No it isn't. It has
> one purpose --- to switch accounts, and switching accounts' main purpose
> is (according to MS, as well as myself) SECURITY!!!
>
> If I had more time I would make a WAV file of our IT group's collective
> howls of
> laughter at you, so that you COULD hear it (because brother, trust me,
> they are out there and they are laughing and laughing HARD), but it might
> cause irreversible damage to your obviously fragile mental state.
>
> You seem to think that it is something worth bragging about that you are
> familiar with MS os ware dating back to NT4 --- HAH, big wow. Were you
> using NT because UNIX was too complicated for you?
>
> Why, I was hand-coding assemby routines on the IBM System 360, for the
> defence industry, with one hand, while fighting off commie infiltrators
> with the other in the seventies. And doing field work on Navy crypto-gear
> in the Gulf of Tonkin, and on digital repeater gear on mountaintops in
> Cambodia with the NVA agents dragging my co-workers into the jungle and
> cutting open their abdominal cavities with butcher knives and pulling all
> their INTESTINES OUT!!! While you were sitting in your little pensiones,
> drinking cappucino, and eating gelato ice cream, I was held prisoner for
> four years in A TIGER CAGE WITH HUGE BLACK NORWAY RATS CHEWING ON MY
> TESTICLES!!!!!
> Now we'll see what your made of, Mr Massimo, Mr
> I'm-So-Smart-About-Computers, what have you got say about THAT?
> Where are you going to go with this?
>
>
>
Anonymous
a b 8 Security
January 31, 2005 2:41:26 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

tom wrote:
> You seem to think that it is something worth bragging about that you
> are familiar with MS os ware dating back to NT4 --- HAH, big wow. Were you
> using NT because UNIX was too complicated for you?
>
> Why, I was hand-coding assemby routines on the IBM System 360, for the
> defence industry, with one hand, while fighting off commie
> infiltrators with the other in the seventies. And doing field work
> on Navy crypto-gear in the Gulf of Tonkin, and on digital repeater
> gear on mountaintops in Cambodia with the NVA agents dragging my
> co-workers into the jungle and cutting open their abdominal cavities
> with butcher knives and pulling all their INTESTINES OUT!!! While
> you were sitting in your little pensiones, drinking cappucino, and
> eating gelato ice cream, I was held prisoner for four years in A
> TIGER CAGE WITH HUGE BLACK NORWAY RATS CHEWING ON MY TESTICLES!!!!!
> Now we'll see what your made of, Mr Massimo, Mr
> I'm-So-Smart-About-Computers, what have you got say about THAT? Where are
> you going to go with this?

I don't know what Massimo has to say..
But I have to say that I hope you get your GED soon.
Good Luck with that!

--
<- Shenan ->
--
The information is provided "as is", it is suggested you research for
yourself before you take any advice - you are the one ultimately
responsible for your actions/problems/solutions. Know what you are
getting into before you jump in with both feet.
Anonymous
a b 8 Security
January 31, 2005 5:36:49 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

"tom" <cyberhun@shaw.ca> ha scritto nel messaggio
news:mBhLd.225041$Xk.82854@pd7tw3no...

> Now we'll see what your made of, Mr Massimo, Mr
> I'm-So-Smart-About-Computers, what have you got say about THAT?

"Don't feed the trolls".

Bye.


Massimo
Anonymous
a b 8 Security
February 1, 2005 12:23:13 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

"troll" - either that or you are misinformed to how "RUNAS" functions - as
Massimo said, RUNAS runs whatever you told it to "as another run" - it is
just like the "su" command in unix (although with the unix su, you can keep
current profile variables or assume the new user variables - RUNAS don't
give you that option). The OS actually changes it's environment to that of
the other user, just as if you logged on as that user. So of course,
bookmarks are going to be stored in the %HOMEPATH% of the RUNAS user instead
of the LOGGED ON user's %HOMEPATH% - or do you "Canadians" have problems
understanding plain "English"?

Small note: Online MS Knowledge, Built-in "Help & Support" for both WinXP
and Win2k3 give all types of examples of using "RUNSA", none of which show a
"hyperlink", i.e. browser "bookmark" or "favorites" entry.

Also note, badgering and degrading those who are trying to help you, because
either you don't understand and/or the software was not designed to do what
you want it to, will not make the software "automagically" do what you want.

--
Star Fleet Admiral Q @ your service!


"tom" <cyberhun@shaw.ca> wrote in message
news:mBhLd.225041$Xk.82854@pd7tw3no...
> Wow, you really are even more completely incompetent than I thought you
> were.
> Let me ask you a question: why are there such things as pivilege levels
and
> accounts?
> In one word---security!
> Why would anyone want to selectively alter their account/privileges?
> SECURITY!
> Even you say that this is the reason for runas:
>
> > purpose is, actually, to run programs as any user different from the one
> > you're logged in as.
>
> and why would anyone want to do that?
> could it be related reasons of, wait for it --- SECURITY?
> You say it's more of a 'general purpose' utility. No it isn't. It has
one
> purpose --- to switch accounts, and switching accounts' main purpose is
> (according to MS, as well as myself) SECURITY!!!
>
> If I had more time I would make a WAV file of our IT group's collective
> howls of
> laughter at you, so that you COULD hear it (because brother, trust me,
they
> are out there and they are laughing and laughing HARD), but it might cause
> irreversible damage to your obviously fragile mental state.
>
> You seem to think that it is something worth bragging about that you are
> familiar with MS os ware dating back to NT4 --- HAH, big wow. Were you
> using NT because UNIX was too complicated for you?
>
> Why, I was hand-coding assemby routines on the IBM System 360, for the
> defence industry, with one hand, while fighting off commie infiltrators
with
> the other in the seventies. And doing field work on Navy crypto-gear in
the
> Gulf of Tonkin, and on digital repeater gear on mountaintops in Cambodia
> with the NVA agents dragging my co-workers into the jungle and cutting
open
> their abdominal cavities with butcher knives and pulling all their
> INTESTINES OUT!!! While you were sitting in your little pensiones,
drinking
> cappucino, and eating gelato ice cream, I was held prisoner for four years
> in A TIGER CAGE WITH HUGE BLACK NORWAY RATS CHEWING ON MY TESTICLES!!!!!
> Now we'll see what your made of, Mr Massimo, Mr
> I'm-So-Smart-About-Computers, what have you got say about THAT?
> Where are you going to go with this?
>
>
>
!