IE problems with bookmarks when started with 'runas'

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

-Bookmarks created when IE is "runas" the limited account in XPHome require
restarting IE in order to become visible.

-When IE is started using "runas" and the option "Protect my computer and
data from unauthorized program activity", bookmark functionality is
nonexistent.

How can IE be operated using these more secure options while retaining
bookmark functionality?
12 answers Last reply
More about problems bookmarks started runas
  1. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    "tom" <cyberhun@shaw.ca> ha scritto nel messaggio
    news:9jSKd.203704$Xk.8453@pd7tw3no...

    > -Bookmarks created when IE is "runas" the limited account in XPHome
    > require restarting IE in order to become visible.
    >
    > -When IE is started using "runas" and the option "Protect my computer and
    > data from unauthorized program activity", bookmark functionality is
    > nonexistent.
    >
    > How can IE be operated using these more secure options while retaining
    > bookmark functionality?

    Bookmarks are user-specific; if you run IE in another user's context, it's
    not a surprise they don't work.
    You could try giving full control permissions to that user account on the
    folder "C:\Documents and settings\your_main_username\Favorites", where your
    bookmarks are stored. But I don't know if this work, chances are IE will use
    the bookmarks in the other user's profile when ran under his account.

    Massimo
  2. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Giving full priviliges to the limited account is the most ridiculous
    suggestion I've ever heard --- that's why it's a limited account, so it
    doesn't have full priviliges.
    Anybody else have any ideas?


    "Massimo" <barone@mclink.it> wrote in message
    news:OqnHEWkBFHA.2640@TK2MSFTNGP14.phx.gbl...
    > "tom" <cyberhun@shaw.ca> ha scritto nel messaggio
    > news:9jSKd.203704$Xk.8453@pd7tw3no...
    >
    >> -Bookmarks created when IE is "runas" the limited account in XPHome
    >> require restarting IE in order to become visible.
    >>
    >> -When IE is started using "runas" and the option "Protect my computer and
    >> data from unauthorized program activity", bookmark functionality is
    >> nonexistent.
    >>
    >> How can IE be operated using these more secure options while retaining
    >> bookmark functionality?
    >
    > Bookmarks are user-specific; if you run IE in another user's context, it's
    > not a surprise they don't work.
    > You could try giving full control permissions to that user account on the
    > folder "C:\Documents and settings\your_main_username\Favorites", where
    > your bookmarks are stored. But I don't know if this work, chances are IE
    > will use the bookmarks in the other user's profile when ran under his
    > account.
    >
    > Massimo
    >
  3. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    "tom" <cyberhun@shaw.ca> ha scritto nel messaggio
    news:0OUKd.205688$Xk.149266@pd7tw3no...

    > Giving full priviliges to the limited account is the most ridiculous
    > suggestion I've ever heard --- that's why it's a limited account, so it
    > doesn't have full priviliges.

    I didn't suggest to give unlimited privileges to that account; I only
    suggested to give it full control access on your bookmarks' folder.
    If you want that account to be able to edit your bookmarks, that's the
    absolutely minimum it would need.
    Anyway, the whole idea of managing your bookmarks using another user account
    is totally crazy: as I said before, bookmarks are totally user-specific;
    they have a fully devoted folder in the user profile, and are definitely
    *not* managed at the system level.

    Massimo
  4. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    I'm not TRYING to manage my bookmarks using another account (READ THE
    QUESTION) --- I'm trying to run IE securely, using the method provided for
    by XP: THE COMMAND KNOWN AS "RUNAS".

    Is anyone else reading these questions?


    "Massimo" <barone@mclink.it> wrote in message
    news:cthn5b$1ass$1@newsreader1.mclink.it...
    > "tom" <cyberhun@shaw.ca> ha scritto nel messaggio
    > news:0OUKd.205688$Xk.149266@pd7tw3no...
    >
    >> Giving full priviliges to the limited account is the most ridiculous
    >> suggestion I've ever heard --- that's why it's a limited account, so it
    >> doesn't have full priviliges.
    >
    > I didn't suggest to give unlimited privileges to that account; I only
    > suggested to give it full control access on your bookmarks' folder.
    > If you want that account to be able to edit your bookmarks, that's the
    > absolutely minimum it would need.
    > Anyway, the whole idea of managing your bookmarks using another user
    > account is totally crazy: as I said before, bookmarks are totally
    > user-specific; they have a fully devoted folder in the user profile, and
    > are definitely *not* managed at the system level.
    >
    > Massimo
    >
  5. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    "tom" <cyberhun@shaw.ca> ha scritto nel messaggio
    news:3B_Kd.212528$6l.168057@pd7tw2no...

    > I'm not TRYING to manage my bookmarks using another
    > account (READ THE QUESTION) --- I'm trying to run IE
    > securely, using the method provided for by XP: THE COMMAND KNOWN AS
    > "RUNAS".

    You don't seem to know what the RUNAS command actually does: it runs the
    specified program in another user's context. If you open the Task Manager
    and look at the "owner" column for the IE process, you'll see this quite
    clearly.

    RUNAS is typically used to run administrative tools if you're logged in as a
    restricted user: you run them using an admin account without having to log
    off and log on again with that account.
    Another use is what you're trying to achieve: running a potentially insecure
    program in a restricted user's context, to avoid damages to the system.
    But RUNAS is not a "method for running programs securely", although it can
    sometimes be used to accomplish this. It's an utility to run programs using
    a user account different from the one you're logged in as.

    The problem is: programs like IE or OE, which have lots of user-specific
    settings and data, either in the Registry or in the user profile directory,
    can expose strange behaviours when the user account you're running them
    under is not the same as your main user account.

    I'm not trying to flame you, like you seem to be thinking about my replies.
    I'm just trying to explain the behaviour you're experiencing.


    Massimo
  6. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    If you are unhappy with my response to your input, why don't you just ignore
    it? Does it mean THAT much to you? It would be better for you if you did
    because every time you come back, you do so with an even more ridiculous
    pile-of-nonsense than the previous one. Listen, can't you hear everyone
    laughing at you?
    Here's an example of what I mean;
    You say:
    ------------------------------
    > RUNAS is not a "method for running programs securely", although it can
    > sometimes be used to accomplish this. It's an utility to run programs
    > using a user account different from the one you're logged in as.
    ------------------------------
    This is a verbatim quote from the MS help file on the command Runas. This
    is the LEAD PARAGRAPH:
    ------------------------------
    When you run Microsoft Windows XP Service Pack 2 (SP2) using the Computer
    administrator account, your computer is more vulnerable to viruses and other
    security risks than when you use the Limited account. For example, if you
    are using the Computer administrator account when you visit a Web site that
    contains a virus, a Trojan horse might be installed on your computer where
    it could do things like reformat your hard drive, delete all your files, or
    create a new user account with administrative access. By contrast, if you
    are using the Limited account when you visit an Internet site that contains
    a virus, your computer is less likely to be infected by it.
    -------------------------------
    Clearly, the single most important reason, according to MS, for switching
    usr accts, is to run a given application (IE6, like in the MS example) MORE
    SECURELY. As opposed to your assertion that "runas is not a method for
    running programs more securely".
    Massimo, I'm sure you mean well, and you do have some knowledge of
    computers. Thankyou for your effort, but please find someone else to
    harangue with your phlogisticated uber-crunk.


    "Massimo" <barone@mclink.it> wrote in message
    news:ctj5eh$21vb$1@newsreader1.mclink.it...
    > "tom" <cyberhun@shaw.ca> ha scritto nel messaggio
    > news:3B_Kd.212528$6l.168057@pd7tw2no...
    >
    >> I'm not TRYING to manage my bookmarks using another
    >> account (READ THE QUESTION) --- I'm trying to run IE
    >> securely, using the method provided for by XP: THE COMMAND KNOWN AS
    >> "RUNAS".
    >
    > You don't seem to know what the RUNAS command actually does: it runs the
    > specified program in another user's context. If you open the Task Manager
    > and look at the "owner" column for the IE process, you'll see this quite
    > clearly.
    >
    > RUNAS is typically used to run administrative tools if you're logged in as
    > a restricted user: you run them using an admin account without having to
    > log off and log on again with that account.
    > Another use is what you're trying to achieve: running a potentially
    > insecure program in a restricted user's context, to avoid damages to the
    > system.
    > But RUNAS is not a "method for running programs securely", although it can
    > sometimes be used to accomplish this. It's an utility to run programs
    > using a user account different from the one you're logged in as.
    >
    > The problem is: programs like IE or OE, which have lots of user-specific
    > settings and data, either in the Registry or in the user profile
    > directory, can expose strange behaviours when the user account you're
    > running them under is not the same as your main user account.
    >
    > I'm not trying to flame you, like you seem to be thinking about my
    > replies. I'm just trying to explain the behaviour you're experiencing.
    >
    >
    > Massimo
    >
  7. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    "tom" <cyberhun@shaw.ca> ha scritto nel messaggio
    news:4weLd.223805$Xk.4451@pd7tw3no...

    > If you are unhappy with my response to your input, why don't you just
    > ignore it? Does it mean THAT much to you? It would be better for you if
    > you did because every time you come back, you do so with an even more
    > ridiculous pile-of-nonsense than the previous one. Listen, can't you hear
    > everyone laughing at you?

    No, I can't. Because nobody is.

    > Here's an example of what I mean;
    > You say:
    > ------------------------------
    >> RUNAS is not a "method for running programs securely", although it can
    >> sometimes be used to accomplish this. It's an utility to run programs
    >> using a user account different from the one you're logged in as.
    > ------------------------------
    > This is a verbatim quote from the MS help file on the command Runas. This
    > is the LEAD PARAGRAPH:
    > ------------------------------
    > When you run Microsoft Windows XP Service Pack 2 (SP2) using the Computer
    > administrator account, your computer is more vulnerable to viruses and
    > other security risks than when you use the Limited account. For example,
    > if you are using the Computer administrator account when you visit a Web
    > site that contains a virus, a Trojan horse might be installed on your
    > computer where it could do things like reformat your hard drive, delete
    > all your files, or create a new user account with administrative access.
    > By contrast, if you are using the Limited account when you visit an
    > Internet site that contains a virus, your computer is less likely to be
    > infected by it.
    > -------------------------------

    That's completely true. I didn't negate you can use RUNAS to run programs in
    a limited-user context. But RUNAS is a more general-purpose utility, which
    purpose is, actually, to run programs as any user different from the one
    you're logged in as.

    > Clearly, the single most important reason, according to MS, for switching
    > usr accts, is to run a given application (IE6, like in the MS example)
    > MORE SECURELY.

    That's not true. The main purpose of RUNAS is, as I stated, to temporarily
    elevate your privileges when needed, because you should anyway be using a
    non-administrator account for everyday use. And although many people
    actually use administrator accounts to run their home systems, this is
    particularly useful in a domain environment, where it's definitely dangerous
    to use a domain admin account to, say, check your e-mail.

    > As opposed to your assertion that "runas is not a method for running
    > programs more securely".

    That's not its main purpose, nor is RUNAS limited to doing that. But it can
    be used for that purpose, although with some limitations where user-specific
    data and settings are involved.

    > Massimo, I'm sure you mean well, and you do have some knowledge of
    > computers. Thankyou for your effort, but please find someone else to
    > harangue with your phlogisticated uber-crunk.

    You're free to think anything you like about RUNAS. But it won't help you
    manage your bookmarks or your e-mail, because different user accounts are
    involved when you use RUNAS, and IE and OE's settings and data are
    user-specific.
    That's it, plain and simple.

    By the way, I've been using RUNAS since NT4. You're seeing it now for the
    first time, and think it's a security feature of Windows XP SP2... it's a
    lot older, and much more useful than you think. Here are some links on the
    topic:

    http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/Windows/XP/all/reskit/en-us/prdp_log_gvra.asp

    http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/mmc_runas.asp

    And here's something concerning your problem; as you can see, user profiles
    *are* involved when using RUNAS:

    http://support.microsoft.com/default.aspx?scid=kb;en-us;254094


    Massimo
  8. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Wow, you really are even more completely incompetent than I thought you
    were.
    Let me ask you a question: why are there such things as pivilege levels and
    accounts?
    In one word---security!
    Why would anyone want to selectively alter their account/privileges?
    SECURITY!
    Even you say that this is the reason for runas:

    > purpose is, actually, to run programs as any user different from the one
    > you're logged in as.

    and why would anyone want to do that?
    could it be related reasons of, wait for it --- SECURITY?
    You say it's more of a 'general purpose' utility. No it isn't. It has one
    purpose --- to switch accounts, and switching accounts' main purpose is
    (according to MS, as well as myself) SECURITY!!!

    If I had more time I would make a WAV file of our IT group's collective
    howls of
    laughter at you, so that you COULD hear it (because brother, trust me, they
    are out there and they are laughing and laughing HARD), but it might cause
    irreversible damage to your obviously fragile mental state.

    You seem to think that it is something worth bragging about that you are
    familiar with MS os ware dating back to NT4 --- HAH, big wow. Were you
    using NT because UNIX was too complicated for you?

    Why, I was hand-coding assemby routines on the IBM System 360, for the
    defence industry, with one hand, while fighting off commie infiltrators with
    the other in the seventies. And doing field work on Navy crypto-gear in the
    Gulf of Tonkin, and on digital repeater gear on mountaintops in Cambodia
    with the NVA agents dragging my co-workers into the jungle and cutting open
    their abdominal cavities with butcher knives and pulling all their
    INTESTINES OUT!!! While you were sitting in your little pensiones, drinking
    cappucino, and eating gelato ice cream, I was held prisoner for four years
    in A TIGER CAGE WITH HUGE BLACK NORWAY RATS CHEWING ON MY TESTICLES!!!!!
    Now we'll see what your made of, Mr Massimo, Mr
    I'm-So-Smart-About-Computers, what have you got say about THAT?
    Where are you going to go with this?
  9. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Tom,

    Massimo is totally correct.

    This behavior is by default. IE determines which user it's being run as,
    and accesses the bookmarks under that user's folder.

    He's trying to help you...you might do well to listen to him.

    Matt Gibson - GSEC


    "tom" <cyberhun@shaw.ca> wrote in message
    news:mBhLd.225041$Xk.82854@pd7tw3no...
    > Wow, you really are even more completely incompetent than I thought you
    > were.
    > Let me ask you a question: why are there such things as pivilege levels
    > and accounts?
    > In one word---security!
    > Why would anyone want to selectively alter their account/privileges?
    > SECURITY!
    > Even you say that this is the reason for runas:
    >
    >> purpose is, actually, to run programs as any user different from the one
    >> you're logged in as.
    >
    > and why would anyone want to do that?
    > could it be related reasons of, wait for it --- SECURITY?
    > You say it's more of a 'general purpose' utility. No it isn't. It has
    > one purpose --- to switch accounts, and switching accounts' main purpose
    > is (according to MS, as well as myself) SECURITY!!!
    >
    > If I had more time I would make a WAV file of our IT group's collective
    > howls of
    > laughter at you, so that you COULD hear it (because brother, trust me,
    > they are out there and they are laughing and laughing HARD), but it might
    > cause irreversible damage to your obviously fragile mental state.
    >
    > You seem to think that it is something worth bragging about that you are
    > familiar with MS os ware dating back to NT4 --- HAH, big wow. Were you
    > using NT because UNIX was too complicated for you?
    >
    > Why, I was hand-coding assemby routines on the IBM System 360, for the
    > defence industry, with one hand, while fighting off commie infiltrators
    > with the other in the seventies. And doing field work on Navy crypto-gear
    > in the Gulf of Tonkin, and on digital repeater gear on mountaintops in
    > Cambodia with the NVA agents dragging my co-workers into the jungle and
    > cutting open their abdominal cavities with butcher knives and pulling all
    > their INTESTINES OUT!!! While you were sitting in your little pensiones,
    > drinking cappucino, and eating gelato ice cream, I was held prisoner for
    > four years in A TIGER CAGE WITH HUGE BLACK NORWAY RATS CHEWING ON MY
    > TESTICLES!!!!!
    > Now we'll see what your made of, Mr Massimo, Mr
    > I'm-So-Smart-About-Computers, what have you got say about THAT?
    > Where are you going to go with this?
    >
    >
    >
  10. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    tom wrote:
    > You seem to think that it is something worth bragging about that you
    > are familiar with MS os ware dating back to NT4 --- HAH, big wow. Were you
    > using NT because UNIX was too complicated for you?
    >
    > Why, I was hand-coding assemby routines on the IBM System 360, for the
    > defence industry, with one hand, while fighting off commie
    > infiltrators with the other in the seventies. And doing field work
    > on Navy crypto-gear in the Gulf of Tonkin, and on digital repeater
    > gear on mountaintops in Cambodia with the NVA agents dragging my
    > co-workers into the jungle and cutting open their abdominal cavities
    > with butcher knives and pulling all their INTESTINES OUT!!! While
    > you were sitting in your little pensiones, drinking cappucino, and
    > eating gelato ice cream, I was held prisoner for four years in A
    > TIGER CAGE WITH HUGE BLACK NORWAY RATS CHEWING ON MY TESTICLES!!!!!
    > Now we'll see what your made of, Mr Massimo, Mr
    > I'm-So-Smart-About-Computers, what have you got say about THAT? Where are
    > you going to go with this?

    I don't know what Massimo has to say..
    But I have to say that I hope you get your GED soon.
    Good Luck with that!

    --
    <- Shenan ->
    --
    The information is provided "as is", it is suggested you research for
    yourself before you take any advice - you are the one ultimately
    responsible for your actions/problems/solutions. Know what you are
    getting into before you jump in with both feet.
  11. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    "tom" <cyberhun@shaw.ca> ha scritto nel messaggio
    news:mBhLd.225041$Xk.82854@pd7tw3no...

    > Now we'll see what your made of, Mr Massimo, Mr
    > I'm-So-Smart-About-Computers, what have you got say about THAT?

    "Don't feed the trolls".

    Bye.


    Massimo
  12. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    "troll" - either that or you are misinformed to how "RUNAS" functions - as
    Massimo said, RUNAS runs whatever you told it to "as another run" - it is
    just like the "su" command in unix (although with the unix su, you can keep
    current profile variables or assume the new user variables - RUNAS don't
    give you that option). The OS actually changes it's environment to that of
    the other user, just as if you logged on as that user. So of course,
    bookmarks are going to be stored in the %HOMEPATH% of the RUNAS user instead
    of the LOGGED ON user's %HOMEPATH% - or do you "Canadians" have problems
    understanding plain "English"?

    Small note: Online MS Knowledge, Built-in "Help & Support" for both WinXP
    and Win2k3 give all types of examples of using "RUNSA", none of which show a
    "hyperlink", i.e. browser "bookmark" or "favorites" entry.

    Also note, badgering and degrading those who are trying to help you, because
    either you don't understand and/or the software was not designed to do what
    you want it to, will not make the software "automagically" do what you want.

    --
    Star Fleet Admiral Q @ your service!


    "tom" <cyberhun@shaw.ca> wrote in message
    news:mBhLd.225041$Xk.82854@pd7tw3no...
    > Wow, you really are even more completely incompetent than I thought you
    > were.
    > Let me ask you a question: why are there such things as pivilege levels
    and
    > accounts?
    > In one word---security!
    > Why would anyone want to selectively alter their account/privileges?
    > SECURITY!
    > Even you say that this is the reason for runas:
    >
    > > purpose is, actually, to run programs as any user different from the one
    > > you're logged in as.
    >
    > and why would anyone want to do that?
    > could it be related reasons of, wait for it --- SECURITY?
    > You say it's more of a 'general purpose' utility. No it isn't. It has
    one
    > purpose --- to switch accounts, and switching accounts' main purpose is
    > (according to MS, as well as myself) SECURITY!!!
    >
    > If I had more time I would make a WAV file of our IT group's collective
    > howls of
    > laughter at you, so that you COULD hear it (because brother, trust me,
    they
    > are out there and they are laughing and laughing HARD), but it might cause
    > irreversible damage to your obviously fragile mental state.
    >
    > You seem to think that it is something worth bragging about that you are
    > familiar with MS os ware dating back to NT4 --- HAH, big wow. Were you
    > using NT because UNIX was too complicated for you?
    >
    > Why, I was hand-coding assemby routines on the IBM System 360, for the
    > defence industry, with one hand, while fighting off commie infiltrators
    with
    > the other in the seventies. And doing field work on Navy crypto-gear in
    the
    > Gulf of Tonkin, and on digital repeater gear on mountaintops in Cambodia
    > with the NVA agents dragging my co-workers into the jungle and cutting
    open
    > their abdominal cavities with butcher knives and pulling all their
    > INTESTINES OUT!!! While you were sitting in your little pensiones,
    drinking
    > cappucino, and eating gelato ice cream, I was held prisoner for four years
    > in A TIGER CAGE WITH HUGE BLACK NORWAY RATS CHEWING ON MY TESTICLES!!!!!
    > Now we'll see what your made of, Mr Massimo, Mr
    > I'm-So-Smart-About-Computers, what have you got say about THAT?
    > Where are you going to go with this?
    >
    >
    >
Ask a new question

Read More

Bookmark Internet Explorer Security Microsoft Windows XP