Re: Escalation of privilege

From: Nicolas Macarez (macarez_at_free.fr)
Date: 11/24/03 

Date: Mon, 24 Nov 2003 09:58:06 +0100

"Torgeir Bakken (MVP)" <Torgeir.Bakken-spam@hydro.com> wrote in message
news:3FBAA3DB.11DAD16A@hydro.com...
> Nicolas Macarez wrote:
>
> > Hi Torgeir
> > Many thanks for your tiny tool - but great in my case.
> > It works, of course, but a new problem turn up: it's not the registry
of
> > the current user which is modified but the registry of the Aministrator
> > account - and it's not fine at all.
> >
> > In fact, runas open an admin session behind the scenes, executes the
scripts
> > (and so modifies the HKEY_CURRENT_USER stuff, but the Aministrator
account
> > itself), and at last closes the session and gives you back the cursor.
> > The HKEY_CURRENT_USER of the plain current user (the guy with no admin
> > rights) is not modifed at all.
> >
> > I'm still searching for a workaround...
>
> Hi
>
> At least one of the buy-products can do this it looks like:
>
> From http://www.netexec.de/
>
> <quote>
> Temporary Administrator group memberships
>
> Another feature that make NetExec a excellent choice for software
installation
> scenarios are extended group memberships. Using this feature it is
possible to
> run a process under a non-privileged user account, but inside this process
the
> user becomes also a member of the Administrators group. Therefore the app
uses
> the profile, settings and home directory of the non-privileged user
account, but
> runs with Administrator privileges.
> </quote>
>
> --
> torgeir
> Microsoft MVP Scripting and WMI, Porsgrunn Norway
> Administration scripting examples and an ONLINE version of the 1328 page
> Scripting Guide: http://www.microsoft.com/technet/scriptcenter
>
>

Torgeir,
I ran netexec, mainly the localexec utility w/ the command line features.
The command line syntax was :

localexec C:\Scripts\leader.vbs ACCOUNT=administrateur
PASSWORD=PassAdmin2003 /NODIALOG /NOPROFILE

I ran this command as leader4, a user without any admin privileges.

Unfortunately, again it was the registry of the administrateur account which
was modifed, and not that of leader4.
It seems that it is not was you say above - unless I am not running the tool
correctly, with the suitables options, whihch is what I hope...

Help greatly appreciated and thanks for your patience!

Nicolas

Relevant Pages

  • Re: How do I find out if Im the system administrator for my perso
    ... registered as the system administrator for this machine. ... password when I'm installing new software and under some other ... I was never asked to establish an administrator's account or password ... The reason for my question is that I'm about to have to edit my registry ...
    (microsoft.public.windowsxp.security_admin)
  • Re: XP - My Documents - wrong users
    ... I have not attempted the registry mods yet. ... was log in as my wife JANE (set as administrator) and then ... an account for use as administrator, so no loss cancelling my account. ... Shell Folders ...
    (microsoft.public.windowsxp.general)
  • Re: Administrator account disabled
    ... Great info, Torgeir. ... >> to do that, so I logged off to log back in as the administrator, and i ... >> get an error message that says the admisnistrator account is disable. ... > Safe Mode session). ...
    (microsoft.public.windowsxp.general)
  • Re: Access to Windows XP SP 1 registry
    ... her an administrator or what ever I need to do in there to get into and edit ... I want to change the name in the registry. ... You need to log into the computer using an account with administrative ... the original owner downloaded/installed viruses or other malware. ...
    (microsoft.public.windowsxp.general)
  • Changing HKCU registry permissions for other user, as Admin.
    ... become 'orphaned' from their account, for example by domain change. ... If the user is not an Administrator it is no use trying to change the ... if you try to modify the permissions on another useraccount's registry ...
    (microsoft.public.windowsxp.security_admin)