fl4ian
asked on
Always "run as" administrator - "run as..." function of W2K
i essentially want to know how to set up a shortcut to run a program EVERY TIME as administrator where the user DOES NOT have to input the password to authenticate the administrator...
please advise.
there's another question, in the XP section that is very similar, but with bad hyperlinks as the solution. the question was 21009592.
please advise.
there's another question, in the XP section that is very similar, but with bad hyperlinks as the solution. the question was 21009592.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
No offense AlfaLAN because you are right, /savecred is a huge security hole. I never realized this nuance until now. Thx.
I'm not sure that sanur is the answer though because you have to enter the password in plaintext.
I guess it just points up why it's not a good idea to let regular users have admin privileges, it's just not a good idea.
fl4ian, can you expand a little on what you are trying to accomplish?
I'm not sure that sanur is the answer though because you have to enter the password in plaintext.
I guess it just points up why it's not a good idea to let regular users have admin privileges, it's just not a good idea.
fl4ian, can you expand a little on what you are trying to accomplish?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
AlfaLAN, excellent post. I'm really glad to to have bumped into you here. Thx for the info.
Thank you! Out of own personal interest, can anybody top it off???
It's been quite quiet around this question for some time now...
& I'm eager to start using the searchfacility if U Know what I mean ;-)
It's been quite quiet around this question for some time now...
& I'm eager to start using the searchfacility if U Know what I mean ;-)
You could also go for Runas Professional:
http://www.mast-computer.com
Or a 'simplified' scripting solution like I mentioned using:
http://www.adminscripteditor.com
http://www.mast-computer.com
Or a 'simplified' scripting solution like I mentioned using:
http://www.adminscripteditor.com
ASKER
i ended up creating an additional admin account and setting that password to the same one that the user usually uses to log in.
when they run the program shortcut (with the save-as switch), they have to enter the password (which is the same as the general login).
1) i implemented this after reading the first comment.
2) i haven't been back at this site yet to do more experimentation
3) alphalan, you definitely know you're stuff, but i wonder if i need to go to such a degree when savecred is easy. espeically with a small office (less than 8 people, none of which are tech savvy), and behind a firebox...
as a result i'm splitting/adding points.
when they run the program shortcut (with the save-as switch), they have to enter the password (which is the same as the general login).
1) i implemented this after reading the first comment.
2) i haven't been back at this site yet to do more experimentation
3) alphalan, you definitely know you're stuff, but i wonder if i need to go to such a degree when savecred is easy. espeically with a small office (less than 8 people, none of which are tech savvy), and behind a firebox...
as a result i'm splitting/adding points.
ASKER
apparently, i can't add more points since it's alread at 500, sorry.
1) Whoow!!! Good on you! Hope putting /savecred behind a shortcut did'nt take up to much of your time...
2) If you would have read the site-rules you know you don't abandon a post for almost 2 weeks..
3) My name is ALFALAN!!!!!!!!! And if you would have actually participated in your topic, and READ the comments you would most defenetly not ask your third question since it is already extensively awnsered.
"i ended up creating an additional admin account and setting that password to the same one that the user usually uses to log in....?!?!?!?!" Why not give the user the adminpassword instead of creating an additional security-risk????
It is also easy NOT to lock your frontdoor; You don't need those bloody key's, you don't need to get up to open the door to visitors and so on...
PS: your firebox ain't gonna blok malicious webscripts/email (just to mention some everyday risks) (GRIN :-) )....
I write them to (for intranet-support-applicati ons) and can assure you I can modify almost anything on your computer through a vbs/js/activex (and now experimenting with flashscript to hide my source) in html. How did you think browserhijacking (for example) works ???
PS2: the most irritating part however is that you start realising what you are doing, and/or if you would simply take the effort + 15 mins of your time to test one of the other solutions, I know for shure you will stop using this solution, and start using one of mine (probably suss.exe). And in that case: Where are my earned points?
2) If you would have read the site-rules you know you don't abandon a post for almost 2 weeks..
3) My name is ALFALAN!!!!!!!!! And if you would have actually participated in your topic, and READ the comments you would most defenetly not ask your third question since it is already extensively awnsered.
"i ended up creating an additional admin account and setting that password to the same one that the user usually uses to log in....?!?!?!?!" Why not give the user the adminpassword instead of creating an additional security-risk????
It is also easy NOT to lock your frontdoor; You don't need those bloody key's, you don't need to get up to open the door to visitors and so on...
PS: your firebox ain't gonna blok malicious webscripts/email (just to mention some everyday risks) (GRIN :-) )....
I write them to (for intranet-support-applicati
PS2: the most irritating part however is that you start realising what you are doing, and/or if you would simply take the effort + 15 mins of your time to test one of the other solutions, I know for shure you will stop using this solution, and start using one of mine (probably suss.exe). And in that case: Where are my earned points?
ASKER
alfalan...
1) get over yourself.
2) read number 2 of my second to last comment.
1) get over yourself.
2) read number 2 of my second to last comment.
From now on any webpage/javascript/vbscrip
CreateProcess("runas.exe",
This since savecred is NOT limited to the application where it was initially used for.
So after starting (for instance) the scannerapplication as admin with the /savecred switch,
the user can press winkey+r and run anything he/she wants as admin hereby VERY EFFECTIVELY bypassing all (local) security.
I have some tools that can do the job like sanur.