Re: I thought user security was a holy grail

From: Kevin K (WMTRP205@NoSpam.com)
Date: 03/05/03


From: "Kevin K" <WMTRP205@NoSpam.com>
Date: Wed, 5 Mar 2003 00:43:55 -0500


Hi Adrian,

I apologize for not responding to your post sooner, but I have not had time
to go on the newsgroups in the past few days.
---------------------------------------------------------------------
Here is an example. In the example:

Joe is a username with administrative access
XYZ321 is the password
program.exe is the program
program.exe is located in C:\programs
-----------------------------------------------------

' Explicit variable declaration and standard globals
Option Explicit
Dim g_sComputerName
Dim g_oShell, g_oFSO, g_oNet

' Set standard globals and create global objects
Set g_oShell = CreateObject("Wscript.Shell")
Set g_oFSO = CreateObject("Scripting.FileSystemObject")
Set g_oNet = CreateObject("WScript.Network")

g_sComputerName = g_oNet.ComputerName

' in this example the command prompt is being run as the administrator
' on the local computer.
g_oShell.Run "runas /user:" & g_sComputerName & "\Joe
C:\programs\program.exe"
Wscript.Sleep 500

' change YourPasswordHere to the local computer administrator account
password
' the password must be in the quotation marks
g_oShell.SendKeys "XYZ321" & "{ENTER}

-------------------------------------------
The next step is to save and make a shortcut in the limited user account(s)
start menu. Then it should work.

-- 
Kevin
Please reply to newsgroup so that all may benefit
"Adrian C." <4chapfam@cableone.net> wrote in message
news:072f01c2df47$ab331940$a401280a@phx.gbl...
> Hello Kevin,
>
> I too was frustrated by this phenomenon and was delighted
> to see there was at least a work-around.  To me it seems
> obvious that it should default to limited users accessing
> already installed programs, not to have to force our way
> in.  But that's beside the point, I'm not sure what I did
> wrong but I followed your directions and it doesn't work.
> After giving up late last night, I thought maybe the user
> name or password or filename shouldn't be in parantheses,
> but when I looked at your instructions again I see that
> they are supposed to be there.  I've tried creating a
> shortcut in the Limited Users root directory, "Start Menu"
> sub, "Programs" sub sub, and "Startup" sub sub sub.  I
> even tried to "run" the *.vbs file after logging on as the
> limited user, but still get the message that administrator
> rights are needed to run the program.  The only thing I
> can think of doing different is within the
> line "\administrator cmd.exe", I've been typing the
> program name with the .exe after it.  Would it be possible
> for you to include an actual example (minus the password)?
>
> Thanks!
>
> >-----Original Message-----
> >Hi  Bill,
> >
> >You can use the Run As command to have the programs run
> as if the user was
> >using an admin account. Use this script:
> >http://msruniv.corp.bcentral.com/Shared%
> 20Documents/runas_admin_script.vbs.txt
> >
> >NOTE: The link may warp. If it does copy and paste it
> into your browser.
> >
> >If you would like to encrypt it (recommended), then visit
> >http://msdn.microsoft.com/scripting . Click on Downloads
> on the right side
> >of the page. Then choose Script Encoder
> >
> >----------------------------------------------------------
> ---------
> >If you need further instructions, see below:
> >
> >Go to the link above and copy the everything there. Paste
> it into notepad.
> >
> >Next, look below where it says ' in this example.....,
> You will see
> >"\administrator  cmd.exe". Change administrator to the
> administrator's user
> >name and change
> >cmd.exe to the filename of the program that you want to
> run.
> >
> >Then change YourPasswordHere to your account password.
> >
> >Save the file with a .vbs extension and create a shortcut
> to it in the start
> >menu of the limited account.
> >
> >If you would like to encrypt it so other users cannot
> view the contents of
> >the script and get your password, visit
> http://msdn.microsoft.com/scripting
> >.. Click on Downloads on the right side of the page. Then
> choose Script
> >Encoder.
> >
> >-- 
> >Kevin
> >Please reply to newsgroup so that all may benefit
> >
> >"bill" <temp2@swfla.rr.com> wrote in message
> >news:079601c2de91$9180d980$8ef82ecf@TK2MSFTNGXA04...
> >> One of the main causes of my infinite headaches is users
> >> installing or being tricked into installing programs on
> >> their computer.  I nearly cried w/ joy when I found out
> >> that xp would have a "limited" account such that only
> >> administrators could install programs on the
> workstation.
> >> WHAT A GOD SEND.  The problem is that many software
> >> programs require privileges beyond this to function and
> >> getting ANYONE from support to tell you which files or
> >> registry keys require access for the programs to
> function
> >> is like asking kindergarteners to solve Schrodenger wave
> >> equations.  Case in point, virus scanners.  I have found
> >> out where to give privileges (both directory and
> registry
> >> key access requird) so that Norton will auto update but
> >> manual live updates will fail, no thanks to Symantec
> but I
> >> can live with the current status.  I have done the same
> >> with several other third party programs.  You would
> think
> >> that MICROSOFT XP OFFICE PRODUCTS would not have the
> same
> >> problem but apparantly you need power user access to
> >> create a custom border in publisher.  If anyone has an
> >> idea where to attack this one pls help.  If anyone from
> >> Microsoft reads this GET A CLUE.  Pulling read-only
> wmf's
> >> from a cd to create border art should not be done to a
> >> secure folder.  What flippin' good does it do to limit a
> >> drunk's access to alcohol if he has to chug a quart in
> >> order to leave his house.  I AM SICK TO DEATH OF TRYING
> TO
> >> IMPLEMENT STRATEGIES ONLY TO HAVE A 5% REQUIREMENT WIPE
> >> OUT 95% OF THE WORK.  If there is any software vender
> that
> >> should be writing software that works within Microsoft's
> >> security structure IT SHOULD BE MICROSOFT.  I don't have
> >> to give my kids the password to the brokerage account to
> >> operate the lawnmower on the weekend and I shouldh't
> have
> >> to give high-level security access to a user for them to
> >> put a shamrock border around a calendar file they
> created.
> >>
> >> tks, I feel vented.  Any suggestions welcome.
> >
> >
> >.
> >


Relevant Pages

  • Re: I thought user security was a holy grail
    ... Hi Kevin, I was wondering if I could get you to contact me offline. ... > ' in this example the command prompt is being run as the administrator ... > The next step is to save and make a shortcut in the limited user ... >>>using an admin account. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Myst III, Exile will not launch in Limited User
    ... Here's a utility to allow Administrators to permit users to run games: ... limited user account(s) to an admin account in Control Panel / User Accounts, ... When your limited user wants to play a game that requires Administrator ...
    (microsoft.public.windowsxp.games)
  • Re: Problem running applications
    ... Windows XP has two main types of user accounts: ... accounts, one with administrator powers to install/uninstall stuff, and make ... another main account for running usual programs. ... If you run with limited user ...
    (microsoft.public.windowsxp.general)
  • Re: Myst III, Exile will not launch in Limited User
    ... limited user account(s) to an admin account in Control Panel / User Accounts, ... When your limited user wants to play a game that requires Administrator ... Exile will only work if Son is made Administrator. ...
    (microsoft.public.windowsxp.games)
  • Re: Event 1202 Warnings after Renaming Administrator Acct on SBS2003
    ... policy to rename the account although it is not really necessary or useful. ... Did I check Group Policies for references to the Administrator ... Failed to perform redirection of folder Desktop. ...
    (microsoft.public.windows.server.general)