Graphiciizing su for NT WAS: RE: XML in IE 5.0

[tis3 () CDC GOV (SanMillan, Todd)]

It is possible to run 2 (or more) complete desktops as your self and another
user (like domain admin) with res kit utils.  Most people have mentioned the
su included in the res kit, you just have to combine it with a desktop
switcher like vdesk (also res kit).  Switch to another desktop, run explorer
via su and viola a fully graphical environment (the first explorer run
creates the desktop, and subsequent ones open file explorer windows)

A way to be two different users at once on the same NT machine.
As a user with local administrator rights:
1. Install the Windows NT Resource Kit (these directions are only accurate
for Supplements 2 and 3)
2. Run the following command: suss.exe -install
3. Open User Manager, select the local machine and add the following rights
to the user who will run vdesk (normally the standard user ID) .
        1.  "Act as part of the operating system"
        2.  "Increase quotas"
        3.  "Replace a process level token"
        (Note: the user has to log in again before these rights take effect)
4. Open regedt32 and add the following key:
\\hkey_current_user
        software
                microsoft
                        vdesk
                                desktop2
                                        task1   "cmd"
5.  Log off and log back in as your normal user.
6.  Run the command vdesk ,  hit ctrl-F2, you should see a blank desktop
with a command window. Type
 su new_user_ID "explorer" (the word explorer must be in quotes. Replace
new_user_ID with the userID of the second user, for example administrator).
You will be asked for the password for the second user.  The desktop for the
second user should start and everything on this desktop will operate in the
context of the second user.
7. to get back to your normal desktop, hit ctrl-F1
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
8. Security note:  logging out does not clear the credentials for the second
user (usually one with elevated privileges).  When you log back on and run
vdesk the second user does not have to enter a password. The only way to
clear the credentials is to restart the machine.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!

--
Todd SanMillan - Network Security Specialist
U. S. Centers for Disease Control and Prevention - http://www.cdc.gov

tis3 () cdc gov
(404) 639-7802 (voice)
(404) 318-4238 (pager)
(404) 639-7711 ( fax)