Re: Escalation of privilege
From: Nicolas Macarez (macarez_at_free.fr)
Date: 11/18/03
- Next message: Tom Pepper Willett: "Re: Re: MSN Messenger ID stolen"
- Previous message: DanaK: "Secure messaging"
- In reply to: Torgeir Bakken (MVP): "Re: Escalation of privilege"
- Next in thread: Torgeir Bakken (MVP): "Re: Escalation of privilege"
- Reply: Torgeir Bakken (MVP): "Re: Escalation of privilege"
- Reply: Torgeir Bakken (MVP): "Re: Escalation of privilege"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 18 Nov 2003 00:18:05 +0100
Hi Torgeir
Many thanks for your tiny tool - but great in my case.
It works, of course, but a new problem turn up: it's not the registry of
the current user which is modified but the registry of the Aministrator
account - and it's not fine at all.
In fact, runas open an admin session behind the scenes, executes the scripts
(and so modifies the HKEY_CURRENT_USER stuff, but the Aministrator account
itself), and at last closes the session and gives you back the cursor.
The HKEY_CURRENT_USER of the plain current user (the guy with no admin
rights) is not modifed at all.
I'm still searching for a workaround...
Regards
Nicolas
"Torgeir Bakken (MVP)" <Torgeir.Bakken-spam@hydro.com> wrote in message
news:3FB8CA7C.382C40FC@hydro.com...
> Nicolas Macarez wrote:
>
> > Hi Everyone
> > I am working on a Windows 2000 Professional desktop (no domain
controller,
> > no Active Directory, everything is local).
> >
> > When a user, without any admin rights, logs on, a logon script is
executed.
> > This VB script (WSH and WMI stuff) modifies some registry keys and
entries
> > under HKEY_CURRENT_USER and I need to run this script with the admin
> > rights - otherwise certain entries are not modified because the users
doen't
> > have the right to do so.
> >
> > How can I escalate the privilege INSIDE my script, and then release the
> > rights afterwards, once the session is opened ?
>
> Hi
>
> Some options that might work for you:
>
>
> If it doesn't matter if the password is in clear text:
>
> Sanur Commandline Runas Automation Utility (free)
> http://www.commandline.co.uk/sanur/
>
> CPAU on the free win32 c++ tools page of
> http://www.joeware.net
>
>
> if it does:
>
> Some 3rd party RunAs solutions that "hides" (encrypt) username/password
> are listed in the link below (buy solutions). Can be run from network
shares,
> so nothing needs to be installed on the client computers.
>
> http://groups.google.com/groups?selm=3E272913.27CBE26D%40hydro.com
>
>
> And from a recent post by Peter M.:
>
> <quote>
> I am currently using AutoIt V3 (http://www.hiddensoft.com/autoit3/)
> It includes a command to run a command as a special user. You can
> write a simple script and then compile it with autoit as an executable.
> Protect this executable with a password and you are done.
>
> AutoIt V3 ist still beta and under development, but the actual version
> is stable and the functions you need (runasadmin,regwrite...) are
> already implemented and working.
> </quote>
>
>
> --
> torgeir
> Microsoft MVP Scripting and WMI, Porsgrunn Norway
> Administration scripting examples and an ONLINE version of the 1328 page
> Scripting Guide: http://www.microsoft.com/technet/scriptcenter
>
>
- Next message: Tom Pepper Willett: "Re: Re: MSN Messenger ID stolen"
- Previous message: DanaK: "Secure messaging"
- In reply to: Torgeir Bakken (MVP): "Re: Escalation of privilege"
- Next in thread: Torgeir Bakken (MVP): "Re: Escalation of privilege"
- Reply: Torgeir Bakken (MVP): "Re: Escalation of privilege"
- Reply: Torgeir Bakken (MVP): "Re: Escalation of privilege"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
