Re: More of Massimo's phlogisticated uber-crunk.

From: Massimo (barone_at_mclink.it)
Date: 01/31/05 

Date: Mon, 31 Jan 2005 01:31:35 +0100

"tom" <cyberhun@shaw.ca> ha scritto nel messaggio
news:4weLd.223805$Xk.4451@pd7tw3no...

> If you are unhappy with my response to your input, why don't you just
> ignore it? Does it mean THAT much to you? It would be better for you if
> you did because every time you come back, you do so with an even more
> ridiculous pile-of-nonsense than the previous one. Listen, can't you hear
> everyone laughing at you?

No, I can't. Because nobody is.

> Here's an example of what I mean;
> You say:
> ------------------------------
>> RUNAS is not a "method for running programs securely", although it can
>> sometimes be used to accomplish this. It's an utility to run programs
>> using a user account different from the one you're logged in as.
> ------------------------------
> This is a verbatim quote from the MS help file on the command Runas. This
> is the LEAD PARAGRAPH:
> ------------------------------
> When you run Microsoft Windows XP Service Pack 2 (SP2) using the Computer
> administrator account, your computer is more vulnerable to viruses and
> other security risks than when you use the Limited account. For example,
> if you are using the Computer administrator account when you visit a Web
> site that contains a virus, a Trojan horse might be installed on your
> computer where it could do things like reformat your hard drive, delete
> all your files, or create a new user account with administrative access.
> By contrast, if you are using the Limited account when you visit an
> Internet site that contains a virus, your computer is less likely to be
> infected by it.
> -------------------------------

That's completely true. I didn't negate you can use RUNAS to run programs in
a limited-user context. But RUNAS is a more general-purpose utility, which
purpose is, actually, to run programs as any user different from the one
you're logged in as.

> Clearly, the single most important reason, according to MS, for switching
> usr accts, is to run a given application (IE6, like in the MS example)
> MORE SECURELY.

That's not true. The main purpose of RUNAS is, as I stated, to temporarily
elevate your privileges when needed, because you should anyway be using a
non-administrator account for everyday use. And although many people
actually use administrator accounts to run their home systems, this is
particularly useful in a domain environment, where it's definitely dangerous
to use a domain admin account to, say, check your e-mail.

> As opposed to your assertion that "runas is not a method for running
> programs more securely".

That's not its main purpose, nor is RUNAS limited to doing that. But it can
be used for that purpose, although with some limitations where user-specific
data and settings are involved.

> Massimo, I'm sure you mean well, and you do have some knowledge of
> computers. Thankyou for your effort, but please find someone else to
> harangue with your phlogisticated uber-crunk.

You're free to think anything you like about RUNAS. But it won't help you
manage your bookmarks or your e-mail, because different user accounts are
involved when you use RUNAS, and IE and OE's settings and data are
user-specific.
That's it, plain and simple.

By the way, I've been using RUNAS since NT4. You're seeing it now for the
first time, and think it's a security feature of Windows XP SP2... it's a
lot older, and much more useful than you think. Here are some links on the
topic:

http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/Windows/XP/all/reskit/en-us/prdp_log_gvra.asp

http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/mmc_runas.asp

And here's something concerning your problem; as you can see, user profiles
*are* involved when using RUNAS:

http://support.microsoft.com/default.aspx?scid=kb;en-us;254094

Massimo

Relevant Pages

  • More of Massimos phlogisticated uber-crunk.
    ... > using a user account different from the one you're logged in as. ... This is a verbatim quote from the MS help file on the command Runas. ... administrator account, your computer is more vulnerable to viruses and other ...
    (microsoft.public.windowsxp.security_admin)
  • Re: encryption/firewall question
    ... There really is not that much to the use of RunAs. ... You can make a shortcut to anything ... you will be prompted for an account and password. ... If you start / run cmd and in the cmd window enter ...
    (microsoft.public.windowsxp.security_admin)
  • Re: runas difficulties...differences in command vs. right-click
    ... password for an admin account, and can then log in with ... specify to run with different credentials (use runas). ... control than the use of the other tab in the shortcut properties. ... > If, on the other hand, I enter the runas command into the Target ...
    (microsoft.public.windowsxp.security_admin)
  • Re: "DropMyRights" slows IE browsing to a crawl
    ... > I'm not sure why using RunAs wouldn't work just as well. ... > you run the application under a reduced set of permissions. ... > Just pick an account that exists that has the reduced permissions that you ... like Guest or one you create that is in the restricted Users group. ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Re: User acces to internet
    ... Try RunAs. ... >> I have an administrators account with XP Home and can access the internet ... > out to be two files in two folders down in the game directory. ...
    (microsoft.public.windowsxp.general)