Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Windows Explorer does not support file management using Principle of Least Privilege


Author: Don Jones MVP

View products that this article applies to.

Summary

Windows Explorer allows only a single instance of itself to be executing at once, and that instance starts automatically at logon.

↑ Back to the top


Cause

Windows Explorer's behavior is by design. When attempting to start a new instance of Explorer.exe, Windows Explorer simply opens a new file browser window under the current process, rather than creating a new process.

↑ Back to the top


Resolution

Internet Explorer (IE) can be used as an alternate file management interface. IE duplicates the look and feel fo Windows Explorer, and exposes all security, sharing, and other property dialog boxes necessary to manage files and folders. Internet Explorer can be launched as a separate process using the Runas command. For example: Runas /user:DomainName\UserName iexplore.exe will execute IE under the alternate user credentials DomainName\UserName. Runas will prompt for the user account password. Alternately, administrators can right-click the IE icon in the Start menu and select Run as� from the context menu. Windows will prompt for the alternate user name and password. Once IE is running, simply enter a file path (such as C: or \\Server\Share) into the Address Bar. IE will switch into a Windows Explorer-like view for file and folder management.

↑ Back to the top


More information

The Principle of Least Privilege (POLP) states that all users should log on with a user account that has the absolute minimum permissions necessary to complete the task at hand. Doing so provides protection against malicious code, amongst other attacks. For example, if an administrator logs on using a privileged account (e.g., one that has administrative privileges on the local machine, in the domain, or both), and a virus executes, the virus will have administrative access to the local computer or to the entire domain. However, had the administrator logged on with a non-privileged (non-administrative) account, the virus would have been more limited in the damage it could cause. The Runas command allows an administrator to launch specific applications, such as specific Microsoft Management Console applications, under alternate, privileged user credentials. Runas therefore allows an administrator to log on using a non-privileged account, and to still use a privileged account to launch individual administrative applications.

↑ Back to the top


Properties

COMMUNITY SOLUTIONS CONTENT DISCLAIMER
MICROSOFT CORPORATION AND/OR ITS RESPECTIVE SUPPLIERS MAKE NO REPRESENTATIONS ABOUT THE SUITABILITY, RELIABILITY, OR ACCURACY OF THE INFORMATION AND RELATED GRAPHICS CONTAINED HEREIN. ALL SUCH INFORMATION AND RELATED GRAPHICS ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT AND/OR ITS RESPECTIVE SUPPLIERS HEREBY DISCLAIM ALL WARRANTIES AND CONDITIONS WITH REGARD TO THIS INFORMATION AND RELATED GRAPHICS, INCLUDING ALL IMPLIED WARRANTIES AND CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, WORKMANLIKE EFFORT, TITLE AND NON-INFRINGEMENT. YOU SPECIFICALLY AGREE THAT IN NO EVENT SHALL MICROSOFT AND/OR ITS SUPPLIERS BE LIABLE FOR ANY DIRECT, INDIRECT, PUNITIVE, INCIDENTAL, SPECIAL, CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF USE, DATA OR PROFITS, ARISING OUT OF OR IN ANY WAY CONNECTED WITH THE USE OF OR INABILITY TO USE THE INFORMATION AND RELATED GRAPHICS CONTAINED HEREIN, WHETHER BASED ON CONTRACT, TORT, NEGLIGENCE, STRICT LIABILITY OR OTHERWISE, EVEN IF MICROSOFT OR ANY OF ITS SUPPLIERS HAS BEEN ADVISED OF THE POSSIBILITY OF DAMAGES.

↑ Back to the top


Community solutions content disclaimer

Microsoft corporation and/or its respective suppliers make no representations about the suitability, reliability, or accuracy of the information and related graphics contained herein. All such information and related graphics are provided "as is" without warranty of any kind. Microsoft and/or its respective suppliers hereby disclaim all warranties and conditions with regard to this information and related graphics, including all implied warranties and conditions of merchantability, fitness for a particular purpose, workmanlike effort, title and non-infringement. You specifically agree that in no event shall Microsoft and/or its suppliers be liable for any direct, indirect, punitive, incidental, special, consequential damages or any damages whatsoever including, without limitation, damages for loss of use, data or profits, arising out of or in any way connected with the use of or inability to use the information and related graphics contained herein, whether based on contract, tort, negligence, strict liability or otherwise, even if Microsoft or any of its suppliers has been advised of the possibility of damages.

↑ Back to the top


Keywords: KB555097, kbhowto, kbpubtypecca, kbpubmvp

↑ Back to the top

Article Info
Article ID : 555097
Revision : 1
Created on : 4/21/2004
Published on : 4/21/2004
Exists online : False
Views : 271