Re: I thought user security was a holy grail

From: Jerry Bryant [MSFT] (jbryant@online.microsoft.com)
Date: 03/06/03

• Next message: lizzya@sympatico.ca: "halo kitty is this a virus"
• Previous message: Tommy Woodall: "Automatic Updates!"
• In reply to: Kevin K: "Re: I thought user security was a holy grail"
• Next in thread: Bob Byrne: "Re: I thought user security was a holy grail"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Jerry Bryant [MSFT]" <jbryant@online.microsoft.com>
Date: Wed, 5 Mar 2003 15:41:09 -0800

Hi Kevin, I was wondering if I could get you to contact me offline. I have a
question for you not related to this issue. Simply remove "online" from my
email address. Thanks!

-- 
Regards,
Jerry Bryant - MCSE, MCDBA
Microsoft IT Communities
Get Secure! www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
"Kevin K" <WMTRP205@NoSpam.com> wrote in message
news:OFPezot4CHA.2112@TK2MSFTNGP10.phx.gbl...
> Hi Adrian,
>
> I apologize for not responding to your post sooner, but I have not had
time
> to go on the newsgroups in the past few days.
> ---------------------------------------------------------------------
> Here is an example. In the example:
>
> Joe is a username with administrative access
> XYZ321 is the password
> program.exe is the program
> program.exe is located in C:\programs
> -----------------------------------------------------
>
> ' Explicit variable declaration and standard globals
> Option Explicit
> Dim g_sComputerName
> Dim g_oShell, g_oFSO, g_oNet
>
> ' Set standard globals and create global objects
> Set g_oShell = CreateObject("Wscript.Shell")
> Set g_oFSO = CreateObject("Scripting.FileSystemObject")
> Set g_oNet = CreateObject("WScript.Network")
>
> g_sComputerName = g_oNet.ComputerName
>
> ' in this example the command prompt is being run as the administrator
> ' on the local computer.
> g_oShell.Run "runas /user:" & g_sComputerName & "\Joe
> C:\programs\program.exe"
> Wscript.Sleep 500
>
> ' change YourPasswordHere to the local computer administrator account
> password
> ' the password must be in the quotation marks
> g_oShell.SendKeys "XYZ321" & "{ENTER}
>
> -------------------------------------------
> The next step is to save and make a shortcut in the limited user
account(s)
> start menu. Then it should work.
>
> -- 
> Kevin
> Please reply to newsgroup so that all may benefit
>
>
> "Adrian C." <4chapfam@cableone.net> wrote in message
> news:072f01c2df47$ab331940$a401280a@phx.gbl...
> > Hello Kevin,
> >
> > I too was frustrated by this phenomenon and was delighted
> > to see there was at least a work-around.  To me it seems
> > obvious that it should default to limited users accessing
> > already installed programs, not to have to force our way
> > in.  But that's beside the point, I'm not sure what I did
> > wrong but I followed your directions and it doesn't work.
> > After giving up late last night, I thought maybe the user
> > name or password or filename shouldn't be in parantheses,
> > but when I looked at your instructions again I see that
> > they are supposed to be there.  I've tried creating a
> > shortcut in the Limited Users root directory, "Start Menu"
> > sub, "Programs" sub sub, and "Startup" sub sub sub.  I
> > even tried to "run" the *.vbs file after logging on as the
> > limited user, but still get the message that administrator
> > rights are needed to run the program.  The only thing I
> > can think of doing different is within the
> > line "\administrator cmd.exe", I've been typing the
> > program name with the .exe after it.  Would it be possible
> > for you to include an actual example (minus the password)?
> >
> > Thanks!
> >
> > >-----Original Message-----
> > >Hi  Bill,
> > >
> > >You can use the Run As command to have the programs run
> > as if the user was
> > >using an admin account. Use this script:
> > >http://msruniv.corp.bcentral.com/Shared%
> > 20Documents/runas_admin_script.vbs.txt
> > >
> > >NOTE: The link may warp. If it does copy and paste it
> > into your browser.
> > >
> > >If you would like to encrypt it (recommended), then visit
> > >http://msdn.microsoft.com/scripting . Click on Downloads
> > on the right side
> > >of the page. Then choose Script Encoder
> > >
> > >----------------------------------------------------------
> > ---------
> > >If you need further instructions, see below:
> > >
> > >Go to the link above and copy the everything there. Paste
> > it into notepad.
> > >
> > >Next, look below where it says ' in this example.....,
> > You will see
> > >"\administrator  cmd.exe". Change administrator to the
> > administrator's user
> > >name and change
> > >cmd.exe to the filename of the program that you want to
> > run.
> > >
> > >Then change YourPasswordHere to your account password.
> > >
> > >Save the file with a .vbs extension and create a shortcut
> > to it in the start
> > >menu of the limited account.
> > >
> > >If you would like to encrypt it so other users cannot
> > view the contents of
> > >the script and get your password, visit
> > http://msdn.microsoft.com/scripting
> > >.. Click on Downloads on the right side of the page. Then
> > choose Script
> > >Encoder.
> > >
> > >-- 
> > >Kevin
> > >Please reply to newsgroup so that all may benefit
> > >
> > >"bill" <temp2@swfla.rr.com> wrote in message
> > >news:079601c2de91$9180d980$8ef82ecf@TK2MSFTNGXA04...
> > >> One of the main causes of my infinite headaches is users
> > >> installing or being tricked into installing programs on
> > >> their computer.  I nearly cried w/ joy when I found out
> > >> that xp would have a "limited" account such that only
> > >> administrators could install programs on the
> > workstation.
> > >> WHAT A GOD SEND.  The problem is that many software
> > >> programs require privileges beyond this to function and
> > >> getting ANYONE from support to tell you which files or
> > >> registry keys require access for the programs to
> > function
> > >> is like asking kindergarteners to solve Schrodenger wave
> > >> equations.  Case in point, virus scanners.  I have found
> > >> out where to give privileges (both directory and
> > registry
> > >> key access requird) so that Norton will auto update but
> > >> manual live updates will fail, no thanks to Symantec
> > but I
> > >> can live with the current status.  I have done the same
> > >> with several other third party programs.  You would
> > think
> > >> that MICROSOFT XP OFFICE PRODUCTS would not have the
> > same
> > >> problem but apparantly you need power user access to
> > >> create a custom border in publisher.  If anyone has an
> > >> idea where to attack this one pls help.  If anyone from
> > >> Microsoft reads this GET A CLUE.  Pulling read-only
> > wmf's
> > >> from a cd to create border art should not be done to a
> > >> secure folder.  What flippin' good does it do to limit a
> > >> drunk's access to alcohol if he has to chug a quart in
> > >> order to leave his house.  I AM SICK TO DEATH OF TRYING
> > TO
> > >> IMPLEMENT STRATEGIES ONLY TO HAVE A 5% REQUIREMENT WIPE
> > >> OUT 95% OF THE WORK.  If there is any software vender
> > that
> > >> should be writing software that works within Microsoft's
> > >> security structure IT SHOULD BE MICROSOFT.  I don't have
> > >> to give my kids the password to the brokerage account to
> > >> operate the lawnmower on the weekend and I shouldh't
> > have
> > >> to give high-level security access to a user for them to
> > >> put a shamrock border around a calendar file they
> > created.
> > >>
> > >> tks, I feel vented.  Any suggestions welcome.
> > >
> > >
> > >.
> > >
>
>

• Next message: lizzya@sympatico.ca: "halo kitty is this a virus"
• Previous message: Tommy Woodall: "Automatic Updates!"
• In reply to: Kevin K: "Re: I thought user security was a holy grail"
• Next in thread: Bob Byrne: "Re: I thought user security was a holy grail"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint