I'd like the option to launch Portable Apps with reduced privileges similar to the function of DropMyRights.exe by Microsoft (i think the code is open-source, but i could be wrong:
http://msdn.microsoft.com/en-us/library/ms972827.aspx
As I always run as a member of the Administrators Group on my PC, I currently run a few apps with DropMyRights such as Pidgin, Firefox, and most internet-facing apps.
I know there is a 'Run as' option, but this is inconvenient. It would be nice if there was a setting in PAP to strip the admin privileges away from the running apps....
EDIT: My platform is Windows XP. The function described above is already the default action in Vista.
Visit the Community page
Join our forums
Subscribe to our email newsletter
Subscribe with RSS
Follow us on Facebook
Follow us on LinkedIn
Follow us on Twitter
Follow us on Mastodon
Follow us on BlueSky
Like nearly all Microsoft tools, the binary and source have a restrictive EULA attached which prevents its use in open source software under an OSI-approved license. So, we can't incorporate it.
A better option would be to run in XP as a limited user and login as admin (or run as) as needed.
We could add the ability for an advanced user to add DropMyRights or a similar tool into the platform manually, detect it and then give them the option to launch certain apps with it if there were enough interest.
Sometimes, the impossible can become possible, if you're awesome!
The particular program (DropMyRights) may have a restricted Eula, but the technique is just a matter of calling system APIs. PSexec and Procexp from Sysinternals do it too, and there are blog posts about it. ("PsExec uses the CreateRestrictedToken API to create a security context that's a version of the one your account is using, but without membership in the local Administrators group or any administrative privileges. A process running in that security context has only the privileges and accesses of a standard user account.") See http://blogs.technet.com/markrussinovich/archive/2006/03/02/running-as-l... and other technet blogs.
Another program that does it is Google Chrome. I don't know if the way they do it is part of the OSS Chromium project or not. But on my machine, at least, if you use Process Explorer, right click on the parent Chrome and look at the security tab of properties, you can see that the standard security tokens and flags are present, but any of the child Chrome processes have them reduced.
I've only ever seen it work when one program (e.g. DropMyRights or psexec.exe or chrome.exe) spawns another; that's when the security tokens are manipulated. Since the Platform menu or launcher spawns child processes, it would be excellent to have either the platform or launcher manipulate the tokens directly.
Vista and Windows 7 make most of this discussion moot, fortunately (assuming Vista and Windows 7 eventually replace XP and older OS's, and people don't turn off the protection).
MC
I don´t know whether this is requested by a lot. I did already post that some time ago and there wasn´t much interest. For advanced users it should be easy just to create a folder within PortableApps folder, putting MS DMR.exe into it and calling the different portableapps via dmr with bats. If the bats are converted to exe they show up in the menu. Works for me for over a year on XP.
https://portableapps.com/node/12044#comment-70614
"Lorem ipsum dolor sit amet, consectetur adipisici elit, sed eiusmod tempor incidunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis .." Friday Next -
"May The Schwartz be with You!" Yogurt the Yoda
I'm just curious, what are the advantages of running apps with reduced privileges?
Say you are using Firefox and there is a security flaw that a webpage exploits. Running with reduced privileges can stop the virus before it does much damage.
cowsay Moo
cowthink 'Dude, why are you staring at me.'