I'm running Win2K now, and the "run-as" command works fairly well. For most programs you have to enable this feature through the properties of a shortcut or directly on the properties of the exe. I log on as a non-privileged user, then when needed, issue a "run-as" command (right click), and run a process as a different user, in my case an admin account. The only problem is that you cannot run the shell in different user contexts. For example, if I have a privileged command window open, and a non-privileged explorer window open, I obvious cannot access restricted areas with explorer, but I can with the command prompt. However, if I issue a "start ." command from the command prompt, the resulting explorer window will revert back to a non privileged user. Not so good, but better than NT4, especially with IE5 (shiver...).
NT4 had a similar command in the resource kit, but more difficult to use, called su.exe (surprise surprise). It was basically more pain than it was worth in my case. I don't think it's a terminal server offshoot, but perhaps both capabilities, terminal server and su.exe are derived from the same hacks in NT.
As far as user preferences, they are handled just as UNIX would as far as I can tell. In unix, you can su in a shell and the environment is that of root, not the non priv user. Same in NT. I can't comment on disk cache or other process, however.
Scott
-----Original Message-----
From: Darren Reed [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 17, 2000 12:28 PM
To: [EMAIL PROTECTED]
Subject: Re: XML in IE 5.0
In some mail from Ryan Russell, sie said:
[...]
> For Windows users, The MS guys gave an interesting talk at the NTBugtraq
> Canada Day Party at Russ' house last year. NT2000 will include a feature that
> is similar to su on unix, which will allow one to have different windows open
> as different users on the same box... I believe it's an extension of the
> terminal server concept. Anyway, once folks get NT2000, they should really
> consider running their browsers as locked-down, non-priveledged users.
>
> I believe you can do the same on most modern unices now with judicious
> use of su and xhost adjustments.
Except that user preferences are no longer stored as being owned by *that*
user (roaming profile problems anyone ?), per-user disk cache usage isn't
associated with the correct user, etc. Can you really imagine 90% of
Internet users being savvy enough to run a browser in an "su" window ?
The other option here for M$ is to reinvent the setuid bit :->
Darren
