Announcement

Collapse
No announcement yet.

Rights & Permissions

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Rights & Permissions

    Hi,

    I have a problem situation:

    ::Scenario::
    I have 2 ISPs in office. If one goes down then we switch to the other one.
    I have made a simple VB application which switches ISPs using Netsh.

    ::Problem::
    The 2k3 server requires admin right for me to run this application (netsh).
    I want this application to be able to execute without admin right (by other non-admin users when I am out of office).

    I have some more applications which require Admin rights to run.
    But I need these application to be run by non-Admin users without giving them admin login.

    I am sure many members of this forum must have come across this situation.

    What settings should I use to set this up.
    Pls advice.

    Thx
    Sandeep

  • #2
    Re: Rights & Permissions

    You want your user to login as someone who is not in the Adminstrators group, so he would then need to run the script as if he were the administrator, am I correct? If so, you need to use the RunAs command, which normally requires the user to type in the password. But of course that is not what you want because you do not want to tell the user the password. There is a solution to this.

    You can make sure the user never knows the password for the Adminstrator account by using the /savecred switch of the RunAs command and then you will be giving that user the power to run the program as if he were the administrator. Once you have set this up, put a shortcut on that user's desktop so when he logs in with his own credentials, he will be able to launch the shortcut and it will run in the context of Administrator without him knowing the password.

    I hope this makes sense, and do be aware of a security hole which is detailed here: See http://searchwindowssecurity.techtar...185026,00.html.

    Now, to avoid falling into that security hole, you can get an equivalent of RunAs but it can make an encrypted file for you, which includes the password. Read all of this: http://www.joeware.net/win/free/tools/cpau.htm and this tool is free.
    Last edited by PaulH; 13th February 2007, 21:12. Reason: Enhanced the answer.
    Best wishes,
    PaulH.
    MCP:Server 2003; MCITP:Server 2008; MCTS: SBS2008

    Comment


    • #3
      Re: Rights & Permissions

      Another solution using RunAs, that I proposed already in the forums, is to write a CMD file with the runas [..] netsh [...] and to compile it into an executable COM.
      You can use one of the BAT to COM/EXE converters available.
      As it was already stated by good guys here, with enough patience, a user can decrypt the COM file and get the password.
      Your call...

      Sorin Solomon


      In order to succeed, your desire for success should be greater than your fear of failure.
      -

      Comment


      • #4
        Re: Rights & Permissions

        Hi Sorin,

        I'm confused now .

        I didn't think RunAs had a /password: switch nor could the password be piped into the runas command using a pipe or a redrector. So what would the command line be before you compile it?

        I have had a look at other forum threads and they refer to a /password: switch which I do not see in the MS documentation for RunAs. hmmm...
        Best wishes,
        PaulH.
        MCP:Server 2003; MCITP:Server 2008; MCTS: SBS2008

        Comment


        • #5
          Re: Rights & Permissions


          You're right, of course.
          I remembered I did something like this for my kids' computer, to run something with my credentials... I went and checked, I used there a replacement, RunAsSPC. The software's license is problematic for an institution, but free for home use...
          BTW, I recall now that it was said that the /password option was left intentionally out, because MS people knew that sooner or later someone will try to write the password in a batch file
          Another solution might be Sanur (read it backwards ), but it's discontinued...

          Sorin Solomon


          In order to succeed, your desire for success should be greater than your fear of failure.
          -

          Comment


          • #6
            Re: Rights & Permissions

            Thanks for clarifying - I think for Sandeep (and many others), CPAU (link in my previous post) would be great. I need to read it more carefully, but I think it is totally free.
            Best wishes,
            PaulH.
            MCP:Server 2003; MCITP:Server 2008; MCTS: SBS2008

            Comment


            • #7
              Re: Rights & Permissions

              RUNAS for Windows 2000 had a "/password" switch. They (sensibly) took it out for later versions.


              Tom
              For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

              Anything you say will be misquoted and used against you

              Comment


              • #8
                Re: Rights & Permissions

                PaulH, Sorinso, Stonelaughter,

                This is just what I was needing and it worked.

                Thx a ton.

                regards,
                Sandeep

                Comment


                • #9
                  Re: Rights & Permissions

                  Glad it was good. If you like, you can give helpful people some extra points by clicking on the YinYang symbol in the blue bar on their posts.

                  Best wishes,
                  Best wishes,
                  PaulH.
                  MCP:Server 2003; MCITP:Server 2008; MCTS: SBS2008

                  Comment

                  Working...
                  X