Re: Simple method to block outgoing traffic



Duane Arnold wrote:

Limited User Access.

Well is anybody following it?

That doesn't change anything about what's reasonable and what's not.

Exactly. When some software definitely requires Admin rights for its
job, then I have no problem running the installer. Active Ports however
does not.

I beg to differ as below you will notice the registry keys that are being
made for Aports that were gotten from the uninstall.log. Now, unless a
Limited user account has the rights and can make changes to the registry
that most likely it can't do, then Aports has to be installed with an
installer that's running under Admin rights.

Or am I missing some thing here?

You're missing that there's no need for installer to make those changes
at all, and at least graceful degradation could be assumed. And actually
there's no need for the installer at all, except some user experience

Signature=VISE

And yes, even the VISE installer crap has support for LUA.

[WinNT]
AdminPrivileges=1

Just enter a 0 here and it works fine. You'll get some errors on the
trial of writing some values, but you can simply press the Ignore button
and continue.

For the same reason I ported the complete Photoshop installation to
Limited User access , which was a big and dirty hack - but I worked.

And not in any shop that I have been in as a programmer.

Well, that's sad. In most cases simply replacing FULL_ACCESS with
MAXIMUM_ALLOWED in all fopen() calls and replacing all HKLM with HKCU
solves almost any problem.

Now, if anything had to be installed on a machine
that the user didn't have admin rights, then someone from Tech Support that
had Admin rigths came to the machine or logged on remotely and did the
install of the software.

That's the usual consideration, due to efficiency, as long as it doesn't
create any privilege escalation vulnerabilities. Photoshop does.

Well, I did it once and ported it to every other machine. And maybe I
should write a tutorial + script collection and publish it at the
intarweb for all those poor admins out there.
.