Some current Windows XP users who are concerned about the security risks created by constantly running Windows with administrator-level privileges create two accounts: one administrator-level and one user-level. Whenever possible, they use the user-level (least privileged) account. However, this generally does not result in a pleasant experience, and users often give up and return to a single account with administrator privileges.

The main reasons users give up on this approach are as follows:

• Users are frequently forced to log out and log back on with their administrator account to perform some tasks
• Many Windows applications will not run without administrator privileges
• The "RunAs" command—Microsoft's recommended method of temporarily elevating privileges on Windows XP—fails to work correctly in many cases, including with many applications.

Although Windows XP SP2 is still in Mainstream support and used by a large number of customers, fixes to support running with the least-possible privileges will require Windows Vista and will not be extended to work with Windows XP. Microsoft considers these changes architectural improvements rather than fixes to bugs or coding mistakes, which are covered by support.

Back to associated article: User Account Control to Limit Vista Exploits