You can run IE with reduced rights without downloading a program by using the built-in runas service whci allows you to run most programs as a different user, but a password will/may need to be entered each time you run the program. First make a new user with only user (not admin) rights (I named mine 'LowRights'). Then create a new shortcut with the target %SystemRoot%\system32\runas.exe /user:lowrights "C:\Program Files\Internet Explorer\iexplore.exe"
When you launch it, it will ask for the password assigned to the lowrights account and if you enter it, will launch as that user.

I can't wait for APPLE to make their OS available to ANYONE WITH x86/x64 CPU's....

You know its coming.... Logical progression after moving their chips to x86... Take over Winblows from THIS SIDE of the fence...

Nope, never gonna happen..

Apple uses their OS as one of the primary selling points for their hardware, which is what they're actually interested in getting you to buy.

It will be a cold day in hell before you can run their OS on non-Apple hardware.

I think it's going to happen. Apple has realised that there is no longer any real money in hardware, so want a piece of the software market...

I doubt it, hardware is a lot more profitable than software. Apple is aiming for a "complete" marketshare (hardware and software, not just one or the other). As long as that goal is still in sight, they will not waver from that.

All this really just makes me think that MS hasn't actually fixed anything. All this sounds like they're just trying to work around the problem, instead of fixing what's causing it (ActiveX). Why not make ActiveX optional? Or support .NET and have ActiveX run but with huge security warnings and whatnot.

My expectations for IE7 just dropped a whole lot.

They have offered this since at least IE5... It's called the "Security" tab in Tools > Internet Options. If you don't want to enable ActiveX, turn it off from there. :)

You can use Michael Howard's "DropMyRights" to safely browse and read email while running as an administrator. Very easy to do!

See: http://tinyurl.com/6yfuz

or if you prefer the long URL: http://msdn.microsoft.co...html/secure11152004.asp

Thanks for the link. I had no idea there was anything like that for current versions of Windows. It works great.

---UPDATE---
Upon further thought about this tool, I just have one question:

Some links in IE open new windows, and sometimes, IE creates more instances of itself for those new windows. Wouldn't those new instances be running with Admin rights? If so, I don't know if there's any way to fix that at all unless there's some way to jerry-rig it in the Path environment variable.

OK, first things first... To answer your question, if you open a process of IE as a specific user, it will remain as that specific user providing you do not click links outside of the initial browser session. More specifically, external links (such as shortcuts, links in OE/Outlook, etc etc) launch IE as the currently logged in user. So bottom line--- if you open IE as an alternate user, as long as you are only clicking links from that session, it should maintain that limited user's control of the browser.

One exception to this might be a poorly written page/script that ignored general link processing rules, where in a program could simply call default browser to load a link rather than having a simple link that the browser gets to decide how to process.

In response to that exception... My curiosity would be whether or not it's possible (now) to modify the File Types (for .url, .lnk, .htm/.html, etc) to automatically force iexplore.exe to use the alternate user account. I suspect it can be done with a bit of effort, but have never tried for lack of consideration on my part.

--------------------------------------------
Second, in regards to not having any idea about the feature existing...

Interesting thing about that... Windows 2000 and XP really *do* have a lot of these options now, it's just that they're so well hidden to anyone that doesn't explore their OS and the resources on Microsoft.com's TechNet that they never figure out how to use them.

This doesn't mean that everything exists, of course, and it doesn't devalue the worth of Service Packs and Upgrades... I'm just implying that a lot of same/similar functionality can be achieved if users spent more time learning about their computers and looked into options such as Tools > Internet Options and other useful options like Windows' own Alternate User.

Thank for the reply. That makes sense, and now I feel like a retard :-p

Retard? Nah, you should not feel that way... it's a learning experience, and you just took the effort to do so... If only more users would do the same! :)

Then, the ony difference between IE6 and IE7 will be the enhanced browser features like tabs. Security will be the same? I already have changed the default security settings on my browser and have been doing so for years. They seem to be pushing IE7 as the security browser, but is really the same. Oh, and that it is a stand alone!

And it seems more silly to use the above "DropMyRights" if you can bypass the security and open the browser with administrative rights. Will all the tabs in IE7 be secure if a tab were loaded and given those original administrative rights too? If then you were to click on a link from within that tab, would it not be secure?

First off, you need to have a normal link to IE (without the dropmyrights) just in order to do Windows update (administrators only).

Second, I have no idea about IE7, but if they are logical, each instance of IE started from within IE will have the same attributes as the process that started it, like GoodThings2Life said.

NO, I am referring to his comment:

"One exception to this might be a poorly written page/script that ignored general link processing rules, where in a program could simply call default browser to load a link rather than having a simple link that the browser gets to decide how to process."

And my question still stands.

oh. My bad. :-)

Linux has user privileges since *err* forever.
Let Microsoft think they figured out something new, i hope they get IE out of the deep roots of the OS

Windows has had this since 2000...

The problem is just that the need for compatibility and flexibility in Windows to compensate for poor planning (on the part of Microsoft, 3rd-party vendors, AND users) caused Microsoft to make a bad decision in making default users "Administrators" instead of regular users.

Now they are fixing the mistake in Longhorn. Yay for them! It's about time, so let's continue to encourage improvements now before Longhorn hits Beta 2 and becomes "feature complete".

-------------
Edit:

I am not sure what the big deal is, however, in simply creating a limited user account... logging in with that, and using the alternate user ability to perform administrative tasks as needed.

Simple solution: Consider using Mozilla Firefox instead.

Umm, didn't Mozilla just last month release 1.04 which resolves a couple bugs that allowed remote access/controll of a PC? Mozilla (and others) aren't really any better or worse... it's just a claim now because no one has taken time to discover how many bugs there are (yet)... but give it time. Just accept that whatever you use, there is always going to be flaws and there are always going to be fixes.... and for lack of either.... just use the Security/Privacy settings in your favorite browser.

Boy, got to watch thos types of comments or we will have "browswer wars" again.

I don't understand all the difference. Now Windows XP allows to run the iexplore.exe under specified user account, and I can create special account, e.g. Guest-like to run IE with very limited privileges. Maybe such account will be created in Longhorn automatically? It's an enhancement, but not a radical improvement.

Win2k has that feature too, actually.

Can't wait to try it out but i think i'll wait for longhorn sp1 to make sure most of the bugs are worked out first.

I think you will then not upgrade until 2010 then. Windows XP will be 9 years old and may have sp3 out if they are done testing it.

Anything like XP wasnt very long for sp1 to come out.

just hope i never have to format my old computer pre sp1 it would take forever to download all the updates think if it ever need formating i'll just rip the hard drive out and put it in this one less hassle.

This seems logical as there will be some architectural changes in Longhorn which will allow this. It would be of course nice if XP was supported, but as long as it gets done I am fine with it.

I understand their reasons for leaving ActiveX as many sites take advantage of it (especially in corporations), but they should seriously think about just forcing people to migrate. Corporations can always have group policys to allow ActiveX, and websites can always provide instructions on howto enable ActiveX. Requiring this small bit of additional work will force most legitimate websites to convert.

so what if many websites support activex. microsoft has shown in the past many many times, they dont really care much about what the end user wants or doesnt want. for years we have been screaming for a less bloated, more secure, faster version of windows. for years an outcry for stability has gone unheeded, for years the screams of the masses to fix the core of windows itself that would allow an application to run in such a manner as to even allow the application to have total control let alone a web page. This is madness! why should a website have THAT kind of power. ActiveX is a scripting language, and as such it should be used to ASSIST in certain tasks. sure you can build a program entirely made of scripts (websites use simular scripts [perl, cgi etc] and other oses have used scripts [rexx etc] to make complete applications that run as applications, and to a certain degree the two aspects [remote and local] "programs" made of scripts have interacted with operating systems, but to allow a script to have the kind of control over the operating system is not only madness, it's also dangerous.
Microsoft, limit more what can be done with activex or phase out support for it as you did with your prior operating systems (win95,98,me,nt,2000, and soon - yes, even xp)
Micrtosoft, cut the bloat out of your os. you wish to be known as an innovator, instead of just finding ways to add in functionality to your operating system so it's more like other operating systems, do a complete from the ground up re-write of windows. heck, get rid of the windows name itself to avoid confusion while your at it when this totally new os is made (like ya, THATS gonna happen). You have the funds, you have the labor pool, you have the talent, you have the ability, but most importantly, you have the RESPONSIBILITY - as the industry leader - to actually lead instead of follow. Lets see if we can put a challenge to microsoft.. build an operating system, one that has web capabilities, ftp, mail etc, all the things you need to do on the web, and have a notepad and an expanded word processor, have a spreadsheet, and a database, have a few games, have digital media support, and make it all fir on 1 floppy. (wait.. THATS been done too for the most part... with qnx ( http://www.qnx.com/ ). heheh. seriously though, trim all the fat of that os... instead of "adding on" to an operating system more and more and more and more and more and more, rather than completely rewriting that same os to have those functionalities built in in the most efficient and least intrusive manner possible - gets old. when will it end? windows 2010.. system requirements : 6 ghz processor, 3 terrabytes ram, 40 terrabytes hard drive space? thats where it's heading IMO