invisiblethings' blog: Running Vista Every Day!
Public Sticky notes
Do-It-Yourself: Implementing Privilege Separation
Because of the limitations of the UAC and IL mentioned above (i.e. the read-up policy), I decided to implement a little privilege-separation policy in my system. The first thing we need is to create a few more accounts, each for a specific type of application or task. E.g. I decided that I want a separate account to run my web browser, a different one for running my email client as well as IM client (which I occasionally run) and a whole other account to deal with my super-secret projects. And, of course, I need a main account, that is, the one which I will use to log in to the system. All in all, here is the list of all the accounts on my Vista laptop:
• admin
• joanna
• joanna.web
• joanna.email
• joanna.sensitive
Highlighted by dabruro
you can very easily set up your Firefox (or other browser of your choice) to run as a Low integrity process (here we assume that the Firefox user’s profile is in j:\config\firefox-profile):
C:\Program Files\Mozilla Firefox>icacls firefox.exe /setintegritylevel low
J:\config>icacls firefox-profile /setintegritylevel (OI)(CI)low
Because firefox.exe is now marked as a Low integrity file, Vista will also create a Low integrity process from this file, unless you start this executable from a High integrity process (e.g. an elevated command prompt). Also, if you, for some reason (see below), wanted to use runas or psexec to start a Low integrity process, it won’t work and will start the process as Medium, even though the executable is marked as Low integrity.
Highlighted by dabruro
enter password for the one of the administrator's accounts. You can find more background information about UAC,
Highlighted by fmavituna
So, I really wonder what those people are doing that they see UAC constantly appearing every other minute…
Highlighted by fmavituna
Even though it’s possible to disable heuristics-based installer detection via local policy settings – see picture below:

that doesn’t seem to work for those installer executables which have an embedded manifest saying that they should be run as administrator.

Highlighted by fmavituna
Similarly, every securable object in the system, such as a directory, file or registry key, can also be assigned an integrity level.
Highlighted by fmavituna
ACE at all, then the integrity level of the object is assumed to be Medium.
Highlighted by fmavituna
If you don’t like surfing using IE, you can very easily set up your Firefox (or other browser of your choice) to run as a Low integrity process (here we assume that the Firefox user’s profile is in j:\config\firefox-profile):
C:\Program Files\Mozilla Firefox>icacls firefox.exe /setintegritylevel low
J:\config>icacls firefox-profile /setintegritylevel (OI)(CI)low
Highlighted by fmavituna
on 2008-05-13 by fmavituna
awesome! This is something you want to do a lot!
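
An added example (not code from the blog post or from this page): a PowerShell check that the labels set with the icacls commands quoted above are actually in place, treating a missing label ACE as Medium, and that warns when the current shell is High integrity. It assumes English-language icacls output and the paths used in the text; the function names are hypothetical.

```powershell
# Added example. Paths are the ones assumed in the quoted text; adjust as needed.
function Get-IntegrityLabel {
    param([Parameter(Mandatory=$true)][string]$Path)
    # An explicit label appears in icacls output as, e.g.:
    #   Mandatory Label\Low Mandatory Level:(OI)(CI)(NW)
    # (English-language output is assumed.)
    $out = & icacls.exe $Path
    if ($LASTEXITCODE -ne 0) { throw "icacls failed for $Path" }
    $hit = $out | Select-String 'Mandatory Label\\(.+?) Mandatory Level:(.*)$' |
           Select-Object -First 1
    if ($hit) {
        $g = $hit.Matches[0].Groups
        New-Object PSObject -Property @{
            Path = $Path; Level = $g[1].Value; Flags = $g[2].Value.Trim(); Explicit = $true }
    } else {
        # No label ACE at all: the object is treated as Medium.
        New-Object PSObject -Property @{
            Path = $Path; Level = 'Medium'; Flags = ''; Explicit = $false }
    }
}

function Get-ShellIntegrity {
    # The process token carries its integrity level as a group SID S-1-16-<RID>.
    $rids = @{ '4096' = 'Low'; '8192' = 'Medium'; '12288' = 'High'; '16384' = 'System' }
    $groups = & whoami.exe /groups /fo csv /nh |
              ConvertFrom-Csv -Header Name, Type, Sid, Attributes
    $label = $groups | Where-Object { $_.Sid -like 'S-1-16-*' } | Select-Object -First 1
    if (-not $label) { throw 'no integrity label found in token' }
    $rid = $label.Sid.Split('-')[-1]
    if ($rids.ContainsKey($rid)) { $rids[$rid] } else { "RID $rid" }
}

$targets = 'C:\Program Files\Mozilla Firefox\firefox.exe', 'J:\config\firefox-profile'
foreach ($t in $targets) {
    $l  = Get-IntegrityLabel $t
    $ok = $l.Explicit -and $l.Level -eq 'Low'
    # The profile directory needs (OI)(CI) so new files and subfolders inherit Low.
    if ((Test-Path $t -PathType Container) -and $l.Flags -notmatch '\(OI\)\(CI\)') { $ok = $false }
    '{0,-50} {1,-7} {2,-14} {3}' -f $t, $l.Level, $l.Flags, $(if ($ok) { 'OK' } else { 'CHECK' })
}

# Per the text, an executable labelled Low does not become a Low process
# when it is started from a High integrity process.
if ((Get-ShellIntegrity) -eq 'High') {
    'This shell is High integrity: firefox.exe started from here will not run as Low.'
}
```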

