From: Craig Humphrey on
Hi,

first up, I'm not entirely sure if this is the right forum, as this may be
an IE thing, rather than a Win7 thing and it may not be specifically be
around security. But anyway, here's what I'm seeing.

I've recently started testing our corporate Win7 build and my day-to-day
account is low privledged. My main apps, Outlook 2007sp2, Word 2007sp2, IE8,
etc, spend all day running under this account. However sometimes I need to
access restricted content, which requires me to run, in this case IE8, under
a high privledge account (I have a separate account which is derived from
Domain Admin), so I use RunAs with IE8 and use my high priv account.

The catch is, that often when I click URL links in Outlook (under my low
priv account), the high priv IE8 is the one that launches into the foreground.

Mostly this isn't a problem, but for our internal systems that use
Integrated or NTLM, I'm authenticating with my high priv account, which isn't
what I want.

I haven't tried this with other apps, as IE is the main one that is launched
this way and is one of the few apps that I run in a different security
context.

Has anyone else seen this?

Is there anything I can do to stop it happening?

Thanks
Craig

--
First posted on Win7Forum:
http://social.technet.microsoft.com/Forums/en-NZ/w7itprosecurity/thread/d33ec735-0ffa-4b8c-9e44-f6115c488247