There's an excellent whitepaper released by Microsoft on the practice of running with LUA in Windows XP.
I try to be as security conscientious as I can, and I started running as 'user' for my day to day tasks after a New England Code Camp with
Robert Hurlbut.
It makes a lot of sense on so many different levels.
For those not familiar with LUA, I *strongly* suggest you give the article a read. The basic gist of LUA is to use an account with the least privileges as possible for your day to day computing. There are a number of benefits to this, my favourite being spyware. It is a lot harder for spyware to get installed on your machine if you are running your browser, and Windows with an account that does not have permission to install software. By using a login with the most restrictive permissions possible, you reduce the risk of a security breach. The article covers the benefits, risks, gotchas, and implementation of LUA.
Working for myself, this is a great idea. I don't have time to waste trying to rid myself of any internet nasties I may have picked up. As an employee of a larger organization, I can also see the huge reduction in costs of the IT department having to go remove WebRebates off the computers of the 200 users that could not live without that 500000000 emoticon add-in for Outlook that they just *had* to download. I originally say LUA as a power trip by a couple of IT losers that wanted to play power games and try to make themselves feel more important and useful than they really were, but I few years ago I really started to 'get it'.
As a developer, it makes a ton of sense. Why develop an application assuming that your end users will be running with the broadest set of permissions available, only to find out the 200 people in your corporation that are using your app will not have admin permissions, and that app you spent months developing needs registry, program files and system access that your users will not have? I never thougth of it that way before Robert's session. Just one more way to reduce the
'duhhhh, um it worked on *my* machine, duhhhh!'
Check it out today, it definitely is a little hard to get used to, but really try to stick with it and in the end you *will* be *very* glad you did. For those day to day tasks that *do* require admin permissions, there are some excellent tools out there like the admin cmd prompt, as well as the "right click, run as…" option.
article at : http://go.microsoft.com/fwlink/?LinkId=58445