After a subtantial amount of beta testing, Microsoft published a document that can help administrators who want to implement Least Privilege User Accounts (LUA) on Windows XP. However, implementing LUA could come with significant costs and challenges.
The new document, "Applying the Principle of Least Privilege to User Accounts on Windows XP," was published January 18. In it, Microsoft points out that companies might need to deploy new tools, re-develop custom applications, and change operational procedures. Presenting ever further challenge is the fact that some software will not run unless the user's account has Administrator rights. Another complicating factors is that people might need to install new hardware or software, which could require Administrator rights.
Nevertheless, having Microsoft's advice on the matter will come as a boon to those who are intent on implementing LUA as soon as possible. The lengthy document includes a wealth of tried and tested advice along with a list of tools you might require. Some of the suggested tools are well-known staples for many administrators. For example, you'll probably need RegMon and FileMon, two widely used tools that are freely available from Sysinternals. You might also need MakeMeAdmin, DropMyRights, Privbar, PolicyMaker, Microsoft Windows Application Compatibility Toolkit, and more. Microsoft also points out two Technet Webcasts that you might not be aware of: Limited User Access: The Good, the Bad and the Ugly and Tips and Tricks to Running Windows with Least Privilege.
The document is the culmination of group effort by eleven contributors and dozens of other people who reviewed and tested the included advice. The document is available at Microsoft Technet in HTML format. Be sure to review the Resources section for a long list of helpful links.