Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE : Executing app with admin privileges

from [MARTEAU Jean-Louis] Network Security [Permanent Link]
Subject: RE : Executing app with admin privileges
Date: Tue, 25 Jul 2006 09:32:04 +0200 
Try  cpau  (http://www.joeware.net/win/free/tools/cpau.htm)


Jean-Louis MARTEAU
@ : jmarteau@ciments-calcia.fr



-----Message d'origine-----
De : Christopher Rector [mailto:crector@siumed.edu] 
Envoyé : lundi 24 juillet 2006 21:40
À : security-basics@securityfocus.com
Objet : Re: Executing app with admin privileges


Why not use something that encrypts the admin password, there are 
several secure run-as utilities available on 
http://www.commandline.co.uk/sanur/

In this case I would create Logon script for the application, change the 
icon to whatever the original icon for the program is and place the new 
application start up file where ever it's needed.

But the best solution is to use regmon/filemon (www.sysinternals.com) to 
find the keys/files that require admin rights to execute and set 
security permissions on those keys/files/folders as needed to get the 
application to run correctly.

In every case I've ever run into like this, I've only had two instances 
where I couldn't get the application to work correctly just by setting 
the correct file/registry permissions (Palm Desktop and one other 
specialized application only on an XP box). It just takes a little bit 
of time and effort to find the files and keys that you need to change 
permissions on.

Using the secure run-as allowed me to run the application as a box admin 
without providing my users with any additional rights or passwords to 
login as an admin.  It's not perfect but it did what it was intended to do.

Wesley Ward wrote:


This is correct, the problem lies with giving the end user the account 
info to use the run as on the executable. By giving the end user these
credentials, you are giving them admin rights to that machine.   

-----Original Message-----
From: David Smith [mailto:nich95ds@gmail.com]
Sent: Friday, July 21, 2006 3:44 PM
To: 'Jeffrey Wei'; security-basics@securityfocus.com
Subject: RE: Executing app with admin privileges

If I understand the Run As feature correctly, it gives a user "full 
local admin privileges in order for (the app) to run". It does that and 
only that. If a user needs admin privileges to run the app, right-click 
the executable, click Run As, and select an Admin or a user with admin
privileges. It's not actually giving the user full admin privileges to
the machine. It's only to run the app. Can someone correct me if I'm
wrong?

-----Original Message-----
From: Jeffrey Wei [mailto:jeffrey.wei@cubic.com]
Sent: Friday, July 21, 2006 11:48 AM
To: security-basics@securityfocus.com
Subject: RE: Executing app with admin privileges

Our company recently had a need to do what you've described below as 
one of our in-house developed software absolutely requires full local 
admin privileges in order for it to run properly and getting the 
software re-tooled would take too much time and $$...

So, to get around that, I've found a free program called MS Toolkit 
(you should be able to google it) and utilize its configurations to 
limit access for a specific XP Pro user account that was given full 
local admin privileges, but locked down using the toolkit.  You'll need 
to manipulate it a little to allow the specific software in question, 
but it wouldn't be hard at all.


Jeffrey Wei

-----Original Message-----
From: Dummy cerberus [mailto:dummycerberus@gmail.com]
Sent: Thursday, July 20, 2006 1:56 AM
To: security-basics@securityfocus.com
Subject: Executing app with admin privileges

Hello everyone,

I have come across with the following problem:

I work at the systems department, and we MUST host every stupid 
application that is developed all over the organisation... most of the 
times with no common criteria at all, neither with common sense.

Now, we have to install a client/server application, and it has been 
developed in such a way, that the user who executes the client side, 
has to have "local admin/advanced user" privileges on the desktop where 
he is executing it...

There's no way to modify that application, so I wonder whether or not 
there is a tool that could allow me to configure the system in such a 
way that all the users could execute that application, without giving 
them "local admin/advanced user" privileges for the whole system (only 
for that stupid application).

I wonder if there's a way to acomplish that wether with AD policies or 
third party tools (better if free ;-)

Thanks in advance, and best regards

-----------------------------------------------------------------------
-
---
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has 
designated Norwich University a center of Academic Excellence in 
Information Security. Our program offers unparalleled Infosec 
management education and the case study affords you unmatched 
consulting experience. Using interactive e-Learning technology, you can 
earn this esteemed degree, without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
-----------------------------------------------------------------------
-
---

---
[This E-mail scanned for Spam and Viruses by 
http://www.innovationnetworks.ca]


-----------------------------------------------------------------------
-
---
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has 
designated Norwich University a center of Academic Excellence in 
Information Security. Our program offers unparalleled Infosec 
management education and the case study affords you unmatched 
consulting experience. Using interactive e-Learning technology, you can 
earn this esteemed degree, without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
-----------------------------------------------------------------------
-
---

--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.394 / Virus Database: 268.10.3/394 - Release Date: 
7/20/2006


 



-- 
Christopher Rector, MCSE
Computer Information Specialist
Southern Illinois University
School of Medicine
Department of Ob/Gyn
217-545-9182


---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: How Windows Password Cracking Programs Work, Dharmesh Sampat
Next by Date:  Re: using Skype, hosted voip, etc. in SMB, Morgan Reed
Previous by Thread:  Re: Executing app with admin privileges, Christopher Rector
Next by Thread:  RE: Executing app with admin privileges, Gaydosh, Adam
Indexes:  [Date] [Thread] [Top] [All Lists]