DropMyRights: Running programs safely as an admin

Most Windows users work with administrative privileges all the time. Everything they do, from browsing the Internet to writing documents, is performed with full and unnecessary administrative control. From a security perspective, running with administrative privileges is dangerous to your computer and data, but sometimes it’s part of the job.

Web browsing and reading emails are operations that don’t require administrative privileges, and tend to bring malicious code and other nasties back to the user. To be more secure, you should use administrative privileges only for tasks that really require them (e.g. installing updates).

Windows XP and later Windows versions support a capability called software restriction, which lets users run software at a lower privilege. For instance, if you’re an administrator, you could run an application as a normal user by stripping out several privileges from the application’s security token. Unfortunately, this option is not exposed in the user interface, so not many Windows users are aware of its existence.

DropMyRights is a free command-line utility, developed by Microsoft, to help users who must run as an administrator run applications in a much safer context. In a nutshell, it takes the current user’s token, removes various privileges from it, and then uses that token to start another process, such as Internet Explorer or Outlook.


It takes the program you want as the first argument and the privilege level (“N” - normal user, “C” - constrained user, “U” - untrusted user) as the second argument. For convenience, you can create “safe shortcuts” on your desktop that always bring up an application as non-administrator. If you’re going to use DropMyRights to run more than several applications, you might want to use the shell extension.
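The “safe shortcut” idea above can be scripted. The following PowerShell sketch is an added example, not part of the original post or of DropMyRights itself; the install path `C:\Tools\DropMyRights.exe` and the helper name `New-SafeShortcut` are assumptions.

```powershell
# Added example: create a desktop "safe shortcut" that launches a program
# through DropMyRights instead of starting it directly.
# Assumption: DropMyRights.exe lives at the path below; adjust to your install.
$DropMyRights = 'C:\Tools\DropMyRights.exe'   # hypothetical install path

function New-SafeShortcut {                   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)] [string] $Name,
        [Parameter(Mandatory = $true)] [string] $Program,
        # N = normal user, C = constrained user, U = untrusted user
        [ValidateSet('N', 'C', 'U')] [string] $Level = 'N'
    )

    # Fail early rather than create a shortcut that points at nothing.
    foreach ($path in $DropMyRights, $Program) {
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
            throw "File not found: $path"
        }
    }

    $desktop = [Environment]::GetFolderPath('Desktop')
    $lnkPath = Join-Path $desktop "$Name (safe).lnk"

    $shell = New-Object -ComObject WScript.Shell
    $lnk   = $shell.CreateShortcut($lnkPath)
    $lnk.TargetPath = $DropMyRights
    # First argument: the program, quoted because the path may contain spaces.
    # Second argument: the privilege level.
    $lnk.Arguments        = '"{0}" {1}' -f $Program, $Level
    $lnk.WorkingDirectory = Split-Path -Parent $Program
    # Reuse the program's own icon so the shortcut stays recognizable.
    $lnk.IconLocation     = "$Program,0"
    $lnk.Description      = "Runs $Name through DropMyRights (level $Level)"
    $lnk.Save()
    return $lnkPath
}

# Internet Explorer as a normal (non-administrator) user.
New-SafeShortcut -Name 'Internet Explorer' `
    -Program "$env:ProgramFiles\Internet Explorer\iexplore.exe" -Level N
```

To check the effect, create a safe shortcut for `cmd.exe` the same way and compare the output of `whoami /priv` in that window with the output in an ordinary administrator prompt.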

