SetSAFER

SetSAFER is a policy-setting tool written by Michael Howard that can force applications to always run with lower priviledges. You can download it and read about it in his MSDN article "Browsing the Web and Reading E-mail Safely as an Administrator, Part 2".

Here's an example input file for SetSAFER:

<?xml version="1.0" encoding="UTF-8"?>
<safer>
  <app comment="Internet Explorer"
    path="C:\Program Files\Internet Explorer"
    user="true" />
  <app comment="Microsoft Office 2003"
    path="C:\Program Files\Microsoft Office\OFFICE11"
    user="true" />
  <app comment="MSN Messenger"
    path="C:\Program Files\MSN Messenger\msnmsgr.exe"
    user="true" />
</safer>

Michael has answered reader questions in his blog post about the article.

If you want to get started right away, and set your Internet Explorer browser to run as a user, save the following text to a file named LowRightsIE.reg and then double-click the file to edit your registry.

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Paths\{effd8629-e248-4c3c-a06b-c178921c6745}]
"Description"="Internet Explorer"
"ItemData"="C:\\Program Files\\Internet Explorer"
"SaferFlags"=dword:00000000

See his post "SAFER and Internet Explorer" for more details on this quick fix.

See other Useful Tools