March 26, 2026

Jurassic Park, but for browsers

Article URL →HN comments →

Ask HN: Running legacy IE/ActiveX clients without local admin rights?

IE dinosaur won’t run without admin — crowd splits between “lock it in a cage” and “rebuild it”

TLDR: An old Internet Explorer app only runs with admin powers, so the team used a clever Task Scheduler trick to elevate just that program. The crowd roared back: lock the dinosaur in a safe virtual “cage” now, and plan a rewrite later—skip pricey tools and avoid handing out admin rights

Hacker News just watched an engineer try to keep a fossil alive: a creaky Internet Explorer app that only works with admin powers. The current hack? A Task Scheduler trick to elevate just that app without sharing the password, documented here. The ask: any safer way to let non-admins run it, plus tips for taming those old ActiveX bits?

The crowd’s hottest take: put the zombie in a cage. Multiple voices pushed a locked‑down virtual machine (a separate, disposable “computer inside your computer”), even via remote login tools, with daily resets and no access to the rest of the company. One commenter flatly declared, “PAM will not save you,” while another said Windows now has a “sudo” button and suggested dialing in precise permission settings instead of sprinkling magic admin dust.

Then came the reality check: just rewrite it. Some pleaded to budget for a fresh client that doesn’t demand ancient browser ruins. Meanwhile, jokers compared the app to a museum exhibit—“feed it sensor data and keep fingers away from the glass.” The vibe? Short‑term: containment. Long‑term: escape plan. And everyone agrees: the Task Scheduler workaround is a clever band‑aid, but nobody wants to bet the company on duct tape and Internet Explorer in 2026. Bonus drama spilled over from r/sysadmin cheering the VM prison approach

Key Points

  • Legacy IE/ActiveX client only works under local admin; it hangs for standard domain users.
  • A production workaround uses Windows Task Scheduler to elevate the specific app without revealing admin credentials.
  • Advice from r/sysadmin pointed to enterprise PAM solutions or deep analysis with Procmon.
  • The author is analyzing the client with Procmon but has not yet eliminated the need for the Task Scheduler workaround.
  • The post asks for open-source per-app elevation tools, Procmon guidance for ActiveX, and budget-free isolation strategies.

Hottest takes

How much would it cost to rewrite the client tools — stop50
IE and Windows with admin rights would run in a restricted VM — mysteria
PAM will not save you — oneplane

Save News

Made with <3 by @siedrix and @shesho from CDMX. Powered by Forge&Hive.