Article ID: 555097 - Last Review: April 21, 2004 - Revision: 1.0

Windows Explorer does not support file management using Principle of Least Privilege

Author: Don Jones MVP

SUMMARY

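Windows Explorer allows only a single instance of itself to run at a time, and that instance starts automatically at logon. As a result, a second copy of Windows Explorer cannot be started as a separate process for file management under alternate credentials.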

CAUSE

Windows Explorer's behavior is by design. When attempting to start a new instance of Explorer.exe, Windows Explorer simply opens a new file browser window under the current process, rather than creating a new process.

RESOLUTION

Internet Explorer (IE) can be used as an alternate file management interface. IE duplicates the look and feel of Windows Explorer, and exposes all security, sharing, and other property dialog boxes necessary to manage files and folders.

Internet Explorer can be launched as a separate process using the Runas command. For example:

    Runas /user:DomainName\UserName iexplore.exe

will execute IE under the alternate user credentials DomainName\UserName. Runas will prompt for the user account password.

Alternately, administrators can right-click the IE icon in the Start menu and select Run as… from the context menu. Windows will prompt for the alternate user name and password.

Once IE is running, simply enter a file path (such as C: or \\Server\Share) into the Address Bar. IE will switch into a Windows Explorer-like view for file and folder management.
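The following check is an added example, not part of the original article: it confirms that the logon session is non-privileged and shows which account owns each explorer.exe and iexplore.exe process after the Runas step. It assumes PowerShell 2.0 or later is installed; the function names are hypothetical.

```powershell
# Added example: verify the least-privilege split described in this article.
# Assumption: PowerShell 2.0 or later is available on the workstation.

function Test-SessionIsAdministrator {
    # True when the account running this script is a local Administrators member.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-ProcessOwner {
    param([string]$ImageName)
    # One object per running instance, with the account that owns the process.
    Get-WmiObject Win32_Process -Filter "Name='$ImageName'" | ForEach-Object {
        $account = '(owner not readable from this account)'
        try {
            $owner = $_.GetOwner()
            if ($owner.ReturnValue -eq 0) {
                $account = "$($owner.Domain)\$($owner.User)"
            }
        } catch {
            # Querying a process owned by another account can be denied; keep the placeholder.
        }
        New-Object PSObject -Property @{
            Image     = $_.Name
            ProcessId = $_.ProcessId
            Owner     = $account
        }
    }
}

if (Test-SessionIsAdministrator) {
    Write-Warning 'The logon account is itself an administrator; log on with a non-privileged account first.'
}

$shell   = @(Get-ProcessOwner 'explorer.exe')
$browser = @(Get-ProcessOwner 'iexplore.exe')
($shell + $browser) | Format-Table Image, ProcessId, Owner -AutoSize

# Flag any IE instance that runs under the same account as the desktop shell,
# which means it was not started through Runas with alternate credentials.
$shellOwners = $shell | ForEach-Object { $_.Owner }
foreach ($p in $browser) {
    if ($shellOwners -contains $p.Owner -and $p.Owner -notlike '(*') {
        Write-Warning "iexplore.exe (PID $($p.ProcessId)) runs as the logon account $($p.Owner)."
    }
}
```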

MORE INFORMATION

The Principle of Least Privilege (POLP) states that all users should log on with a user account that has the absolute minimum permissions necessary to complete the task at hand. Doing so provides protection against malicious code, amongst other attacks. For example, if an administrator logs on using a privileged account (e.g., one that has administrative privileges on the local machine, in the domain, or both), and a virus executes, the virus will have administrative access to the local computer or to the entire domain. However, had the administrator logged on with a non-privileged (non-administrative) account, the virus would have been more limited in the damage it could cause.

The Runas command allows an administrator to launch specific applications, such as specific Microsoft Management Console applications, under alternate, privileged user credentials. Runas therefore allows an administrator to log on using a non-privileged account, and to still use a privileged account to launch individual administrative applications.

APPLIES TO
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
  • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Web Edition
  • Microsoft Windows XP Professional
Keywords: 
kbpubmvp kbpubtypecca kbhowto KB555097