Educause Security Discussion mailing list archives
Re: Windows "Run As" Command
From: Kevin Moulton <kevin.moulton () ORACLE COM>
Date: Mon, 16 Apr 2007 18:02:15 -0400
I've used RunAs quite successfully in scripts but protected myself by storing the user ID and password encrypted in the registry, and then used VBScript calls in the scripts to use that data.

If you'd like, I can see if I can find some of those old scripts. It was a few years back, but I probably have some scripts around here somewhere.

Kevin Moulton
Manager, Security Solution Specialists
North America Strategic Accounts
Oracle Corporation
Phone: 973-216-3124

-----Original Message-----
From: Harold Winshel [mailto:winshel () CAMDEN RUTGERS EDU]
Sent: Monday, April 16, 2007 4:00 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Windows "Run As" Command

Thanks again.

Harold

At 03:56 PM 4/16/2007, you wrote:

Absolutely, Harold!

In addition, using RunAs or CPAU.exe to access administrator privileges with locally stored credentials (as in CPAU's -profile option) in text files is probably not a good idea, as that exposes those credentials in the limited user context.

If you practice least privilege, even your system and network admins would work from a limited user account and only access local or domain administrative privileges using RunAs.

Guy L. Pace, CISSP
Security Administrator
Center for Information Services (CIS)
3101 Northup Way, Suite 100
Bellevue, WA 98004
425-803-9724
gpace () cis ctc edu

-----Original Message-----
From: Harold Winshel [mailto:winshel () CAMDEN RUTGERS EDU]
Sent: Monday, April 16, 2007 12:07 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Windows "Run As" Command

Thanks for your quick response. Given that, I don't see it would be a viable option for an enduser who is not authorized to have admin access.

Harold

At 02:59 PM 4/16/2007, you wrote:

Yes and then some!!

It is intended for an Administrator to be able to accomplish administrative tasks on a machine, without having to log the current user off. For example, if users are not allowed to install programs, an administrator could use his "domain admin" account or the local administrator account to install the program without the user having to log off.

It can be used to open explorer to browse network resources with different credentials that the current logged on users may not have access to. It has several benefits.

See this: http://www.microsoft.com/technet/prodtechnol/windows2000serv/howto/seclogon.mspx

V/R,
Gibby

Nathan J. Gibson, CISSP-CCNA-MCSA
Information Security Analyst
University of Oklahoma HSC
Office: (405) 271-2476 | Fax: (405) 271-2181 | Cell: (405) 397 5134
http://it.ouhsc.edu/services/infosecurity

Confidentiality Notice
This e-mail, including any attachments, contains information from the University of Oklahoma Health Sciences Center, which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited. If you have received this e-mail in error, please notify the sender immediately by a "reply to sender only" message and destroy all electronic and hard copies of the communication, including attachments.

-----Original Message-----
From: Harold Winshel [mailto:winshel () CAMDEN RUTGERS EDU]
Sent: Monday, April 16, 2007 1:56 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Windows "Run As" Command

I'm looking for input on the Windows "Run As" command. We haven't used it and want to verify how it works - if I understand correctly, the enduser would need to know the name and password of an account that has local Windows administrator privilege in order to make use of the "Run As" feature?

Thanks,
Harold

Harold Winshel
Computing and Instructional Technologies
Faculty of Arts & Sciences
Rutgers University, Camden Campus
311 N. 5th Street, Room B10
Armitage Hall
Camden NJ 08102
(856) 225-6669 (O)