Solved

runas, sum of rights?

Posted on 2004-09-24
7
281 Views
Last Modified: 2013-12-04
A program must run as a local admin on a client AND
with rights granted by a script account.

How can I start this program in the login script?

The user is a local administrator.  

I'm looking runas.  If I use it and use the script account,
will local admin rights sum with the script account rights?



0
Comment
Question by:hank1
  • 3
  • 2
  • 2
7 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 12142769
Hi hank1,
why not run it as a service, then you can runit under whatever account you like?

How to run a program as a Service


The Windows NT Resource Kit provides two utilities that allow you to create a Windows NT user-defined service for Windows NT applications and some 16-bit applications (but not for batch files).

Instrsrv.exe installs and removes system services from Windows NT and Srvany.exe allows any Windows NT application to run as a service.


HOWTO: Create a User-Defined Service
http://support.microsoft.com/default.aspx?scid=kb;en-us;137890

**********

To remotely create and start a service from the command line, you can use the SC tool (Sc.exe) included in the Resource Kit.

Although you can use the Netsvc.exe and Instsrv.exe tools to start a service on a remote computer, these tools do not give you the ability to remotely create a service.


How to Create a Windows Service Using Sc.exe
http://support.microsoft.com/?kbid=251192

**********Third Party Solutions**********

Service Mill from http://www.activeplus.com/default.asp?Jump=ServiceMill
FireDaemon from http://www.firedaemon.com/

**********

PeteL
0
 
LVL 1

Author Comment

by:hank1
ID: 12143932
That's an alternative.  Do you have a handle
on this rights deal?  Does it sum?
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 12144467
to use run as you might be able to script it but it would mean having the password in the script which aint very secure :(
0
New My Cloud Pro Series - organize everything!

With space to keep virtually everything, the My Cloud Pro Series offers your team the network storage to edit, save and share production files from anywhere with an internet connection. Compatible with both Mac and PC, you're able to protect your content regardless of OS.

 
LVL 1

Author Comment

by:hank1
ID: 12145373
That's why we have a script account with limited
access.

Unix has a 'sticky' bit that allows these kinds of
things.  Service is the only way?
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 12145416
aaah the sticky bit <pete gets all nostagic aout his HPUX day>

Id plumb for a service and run it under the system account then if the local admin password is changed it wont fall over
0
 
LVL 12

Expert Comment

by:alandc
ID: 12227333
One way to get SYSTEM level rights or execute with specific user rights are to create it as a SERVICE.

The other is is RUNAS
The RunAs program runs a program as a different user, requiring the correct domain, user name, and password.
The user will be prompted for any REQUIRED value that was not entered on the command line.

USAGE:
runas /U username /P password /D domainname /E exename /A arguments [/W] [/I] [/?]

COMMAND OPTIONS:
/U username Gets user name as input
/P password Gets new password as input
/D domainname Gets domain name as input
/E exename Gets program (.exe) name with full path
/A arguments Arguments to pass program. This MUST be the last argument on the command line.
/I Interactive Mode
/W WAIT for Process Exit
/? Displays text help file
0
 
LVL 12

Accepted Solution

by:
alandc earned 50 total points
ID: 12227357
To answer your question there is no SUM of rights.  The process will run with THE rights ONLY of the one logged in to the process.  If SYSTEM then SYSTEM, if scripted then USER, if runas LOCAL_ADMIN then LOCAL_ADMIN but there is no mixed mode. Each process executes under it's own specified user rights.
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Reset local admin win7 pro 6 83
Are there any suspicious programs running on a Windows computer? 6 76
Assess risks for an e-Payment system 15 106
firewall inside of network 9 73
Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
I designed this idea while studying technology in the classroom.  This is a semester long project.  Students are asked to take photographs on a specific topic which they find meaningful, it can be a place or situation such as travel or homelessness.…
Delivering innovative fully-managed cloud services for mission-critical applications requires expertise in multiple areas plus vision and commitment. Meet a few of the people behind the quality services of Concerto.

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now