Microsoft first introduced an operating environment named Windows in November 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces (GUIs). Windows is a family of products ranging from Mobile devices, desktop computers and Servers.

Tags | |

SUID for Windows or Set runas perminently


One of the harder issues for a Linux administrator converting to Windows administration is trying to do the same things that are you use to doing in Linux.



One good example is suid or setting "The sticky bit". For the un-linux savvy, SUID allows an administrator to allow files or applications to be run as the objects owner or group. Another way of thinking of this in a more windows-centric way would be to set the runas command to be permanent for a given script or executable.



You won't be able to do this using the contextual menu. You need to use the command prompt by selecting run from the start menu and entering CMD in the prompt.



Next enter the following command:


RUNAS /savecred /user:administrator cmd


This example, once run and the password entered, would allow any user to run the command prompt as the user administrator.



The next time that any user goes to the command prompt and tries to enter the same command "RUNAS /savecred /user:administrator cmd" they will be able to do so with out having to enter the password. You can apply this same method to a shortcut link on he desktop.



An example would be to create a shortcut to CMD and place that on the users desktop. The shortcut would actually trigger the command listed above though.




If the function you are trying to run has spaces or double quotes like the following example:

RUNAS /savecred /user:administrator "notepad "C:\Documents and Settings\user\Desktop\note.txt""


It would fail, to correct this use the backslash character to escape the double quote:


RUNAS /savecred /user:administrator "notepad \"C:\Documents and Settings\user\Desktop\note.txt"\"


If the command has a double quote in the switches:



RUNAS /savecred /user:administrator "netsh interface ip set address "Local Area Connection" static
192.168.0.10"


Use a tripple quote to allow the command to run:



RUNAS /savecred /user:administrator "netsh interface ip set address """Local Area Connection""" static
192.168.0.10"



It's really important to stress, just as in the Linux environment you never give this kind of permission with out considering the security implications. In the above example you would be allowing anyone to execute the command line as an administrator, a major no no. Further any applications spawned from the command line would inherit the permission of admin, thus if I ran virsus.exe, it would be executed with administrative permission.


Comments

From X
2010-08-30 02:24:54

This is a huge security hole. If you save credentials for admin to use "runas /savecred /user:administrator benignapp", there's nothing to stop a malicious script from doing "runas /savecred /user:administrator downloaded-virus.exe". It's like a global SUID bit!

Feel free to leave a comment or question

Name: (Optional but appreciated):

Comment:

Use [code] [/code] for code block style



Security Code: