runas command on local machine

  • Thread starter Thread starter Grace Overstreet
  • Start date Start date
G

Grace Overstreet

Running win2k server - workstation is win2k pro

I have a application that requires administrative access on the local
machine in order to run.
I don't want the users having admin access.
Is there a way to get the admin password into the runas command by default?

I have searched and searched and have not been able to find a way to
accomplish this.
I have given the user full control permissions on that particular program
file and that doesn't do it either.


Thanks
 
Here's a way to run RUNAS without a password, from the FAQ:

http://securityadmin.info/faq.htm#runas

However, this is not 100% secure necessarily, and there may be a better way.
Just giving rights over the .EXE file and folder isn't enough. You should
call the vendor and demand they tell you what permissions are required, or
else you will evaluate competitors' products. And/or, run the application
while running the free utilities regmon, filemon and process explorer from
www.sysinternals.com to see what it is doing. Very possibly you need to
grant additional write permissions to various registry keys. Enabling file
and registry auditing might be useful as well:

http://securityadmin.info/faq.htm#auditing
 
I have tried the utility regmon.The program was using hundreds of different
keys... impossible
I have talked with the vendor till I am blue in the face.

The one thing I got from your link was ... to use SU.exe - or buy a program
that will allow it. Is that correct?
I will need to find SU.exe and see how it works.
Have you used any of the programs you offered as a suggestion?
Thanks



Karl Levinson [x y] mvp said:
Here's a way to run RUNAS without a password, from the FAQ:

http://securityadmin.info/faq.htm#runas

However, this is not 100% secure necessarily, and there may be a better way.
Just giving rights over the .EXE file and folder isn't enough. You should
call the vendor and demand they tell you what permissions are required, or
else you will evaluate competitors' products. And/or, run the application
while running the free utilities regmon, filemon and process explorer from
www.sysinternals.com to see what it is doing. Very possibly you need to
grant additional write permissions to various registry keys. Enabling file
and registry auditing might be useful as well:

http://securityadmin.info/faq.htm#auditing


Grace Overstreet said:
Running win2k server - workstation is win2k pro

I have a application that requires administrative access on the local
machine in order to run.
I don't want the users having admin access.
Is there a way to get the admin password into the runas command by default?

I have searched and searched and have not been able to find a way to
accomplish this.
I have given the user full control permissions on that particular program
file and that doesn't do it either.


Thanks
 
SU.exe (from the resource kit) requires that the client have the suss
service running, this is way to much overhead for a simple patch install.
any clue on how to make this work in a login script without giving away all
the rights to the users?


Grace Overstreet said:
I have tried the utility regmon.The program was using hundreds of different
keys... impossible
I have talked with the vendor till I am blue in the face.

The one thing I got from your link was ... to use SU.exe - or buy a program
that will allow it. Is that correct?
I will need to find SU.exe and see how it works.
Have you used any of the programs you offered as a suggestion?
Thanks



Karl Levinson [x y] mvp said:
Here's a way to run RUNAS without a password, from the FAQ:

http://securityadmin.info/faq.htm#runas

However, this is not 100% secure necessarily, and there may be a better way.
Just giving rights over the .EXE file and folder isn't enough. You should
call the vendor and demand they tell you what permissions are required, or
else you will evaluate competitors' products. And/or, run the application
while running the free utilities regmon, filemon and process explorer from
www.sysinternals.com to see what it is doing. Very possibly you need to
grant additional write permissions to various registry keys. Enabling file
and registry auditing might be useful as well:

http://securityadmin.info/faq.htm#auditing


Grace Overstreet said:
Running win2k server - workstation is win2k pro

I have a application that requires administrative access on the local
machine in order to run.
I don't want the users having admin access.
Is there a way to get the admin password into the runas command by default?

I have searched and searched and have not been able to find a way to
accomplish this.
I have given the user full control permissions on that particular program
file and that doesn't do it either.


Thanks
 
Back
Top