Drop My Rights

I decided to do something a bit different this week. Rather than an essay on an InfoSec principle, I wanted to review and recommend a free product I’ve been using for a couple years.

Windows XP is still the most popular Operating System out there. And we still have way too many people running with administrative rights all the time. Drop My Rights is a free Windows XP utility offered by Microsoft that allows you to be logged into your computer as an administrator but run some programs with reduced privileges. I first heard about Drop My Rights on Steve Gibson’s Security Now! Podcast several years ago. Credit goes to Steve and Leo for introducing this to me.

Many of us get used to the convenience of always running our computers as administrator. Of course you need admin rights for things like installing applications and changing network settings, but you also need them for little things you wouldn’t think of. For instance, I’ve developed a habit of double clicking on the system clock to pull up the calendar. I use that to quickly scan forward or backward to look at dates. That activity is actually unavailable for standard users.

Drop My Rights lets me continue running as an administrator while running high risk programs like Internet Explorer, Firefox and Outlook with reduced rights. Below, I will give a brief explanation of how to configure Drop My Rights and resources if you’re looking for more information.

Download the installer for Drop My Rights from: http://download.microsoft.com/download/f/2/e/f2e49491-efde-4bca-9057-adc89c476ed4/dropmyrights.msi

Go through the install process. I recommend you select defaults except to change the install path to something easier to remember, because you’ll need to use it later. For the purposes of this article I will use c:\dropmyrights.

Next, you will need to edit the shortcuts so that they open your high risk applications through the Drop My Rights context. I am going to set up Firefox. Right-click on the shortcut and select Properties.

Once you’re in the Properties window, in the Target field move your cursor all the way to the left and enter: C:\dropmyrights\dropmyrights.exe

Change the “Run:” field to “Minimized” so that you don’t need to see Drop My Rights pop up whenever you use that shortcut.

And, bingo, you’ve got Drop My Rights configured for that shortcut. For some programs (like Internet Explorer) you will need to go find the icon again so the shortcut looks the way it did before, but Firefox doesn’t lose its appropriate icon.

Firefox instances started from that shortcut will not have administrative rights. If a piece of malware tries to perform an installation, it will fail due to insufficient privileges. I recommend editing all your commonly used shortcuts in this way; then, if you really need to run Firefox (or IE, etc.) as an administrator, you can go to the shortcut under Start/Programs and intentionally run with elevated privileges.
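The shortcut edit described above can also be scripted, which helps when you want to convert several shortcuts. The following PowerShell script is an added example, not part of the original article or of Microsoft's tool; it assumes the c:\dropmyrights install path used here, and the Firefox desktop shortcut path is a hypothetical default you should change.

```powershell
# Added example, not from the original article or from Microsoft.
# Rewrites one shortcut so its program starts through Drop My Rights.
param(
    # Hypothetical shortcut location; point this at the .lnk you want to change.
    [string]$ShortcutPath = "$env:USERPROFILE\Desktop\Mozilla Firefox.lnk",
    # Install path used in this article.
    [string]$DropMyRights = 'C:\dropmyrights\dropmyrights.exe'
)

if (-not (Test-Path $DropMyRights)) { throw "Drop My Rights not found at $DropMyRights" }
if (-not (Test-Path $ShortcutPath)) { throw "Shortcut not found: $ShortcutPath" }

$shell = New-Object -ComObject WScript.Shell
$lnk   = $shell.CreateShortcut($ShortcutPath)   # opens the existing .lnk for editing

# Running the script twice must not wrap dropmyrights.exe in itself.
if ($lnk.TargetPath -ieq $DropMyRights) {
    Write-Output "Already launches through Drop My Rights: $ShortcutPath"
    return
}
if (-not $lnk.TargetPath) { throw "Shortcut has no file target; edit it by hand." }

# Keep a copy so the change can be undone.
Copy-Item $ShortcutPath "$ShortcutPath.bak" -Force

$originalTarget = $lnk.TargetPath
$originalArgs   = $lnk.Arguments

# A shortcut with no explicit icon borrows its target's icon (IconLocation
# is then empty or ",0"). Pin it to the original program before retargeting.
if (-not $lnk.IconLocation -or $lnk.IconLocation.StartsWith(',')) {
    $lnk.IconLocation = "$originalTarget,0"
}

$lnk.TargetPath  = $DropMyRights
$lnk.Arguments   = ('"{0}" {1}' -f $originalTarget, $originalArgs).Trim()
$lnk.WindowStyle = 7     # 7 = Minimized, the "Run:" setting from the steps above
$lnk.Save()

Write-Output "Target is now: $($lnk.TargetPath) $($lnk.Arguments)"
```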

You can find more information about this tool, including technical details and options for switches here: http://msdn.microsoft.com/en-us/library/ms972827%28printer%29.aspx
