"Run as" utility

[Jeff Vandervoort]

I ran across a utility somewhere on the Internet that allows you to run a
script or batch file with alternate (e.g. administrative) credentials on
Win2K/XP without the user having to enter a password. As I recall, it
compiled the script into a .exe file so the user would run the .exe and the
..exe would run the script under the secondary credentials. Of course, now
that I need it, I can't find any trace of it.

Anybody familiar with something like this that could give me a URL?

TIA

 

[Vanguard]

I ran across a utility somewhere on the Internet that allows you to
run a script or batch file with alternate (e.g. administrative)
credentials on Win2K/XP without the user having to enter a password.
As I recall, it compiled the script into a .exe file so the user
would run the .exe and the .exe would run the script under the
secondary credentials. Of course, now that I need it, I can't find
any trace of it.

Anybody familiar with something like this that could give me a URL?

TIA

One solution is to use the Substitute User utility (su.exe) from the
resource kit; I haven't used it so I don't know if it obviates the need
to supply the password or allows you to specify it without getting
prompted for it. The other is to use the Task Scheduler to define a
task that runs under the other account; you have to specify the password
because obviously the scheduled task is supposed to run in the
background and not prompt you for a password. You could then either
right-click and Run that task immediately or just schedule it whenever
your want. See http://www.jsiinc.com/SUBG/TIP3000/rh3063.htm for
details.

If you find this other utility to encode the password into an .exe to
use as a substitute for RunAs, be sure you protect it well. Hopefully
you realize that any program that could be encoded with the password for
an account in the Administrators group for your machine would then be a
skeleton key to unlock just about anything a thief would want to do on
your machine. You would need not only to place it in a directory where
only you had permissions to read that directory (and all files under it)
but you would also have to use EFS (encrypted file system) to ensure no
one can get it by moving your hard drive to another machine that loads a
different instance of Windows. Windows is only secure regarding its
permissions if *that* instance of Windows [registry] is used under which
the permissions were defined. EFS, however, won't be readable on
another machine unless you have exported the security certificate off
the original machine and imported them to the "thief" machine to then
decrypt and read the EFS-protected directories and files. If you don't
protect that program with the encoded password, you might as well as use
TweakUI to configure Windows 2000 to always logon under Administrator
without having to supply the password for the logon dialog - and leave
your system wide open for anyone to use.

 

[erebus]

\winnt\system32\runas.exe

 

[splatter]

\winnt\system32\runas.exe

doesn't work he wants something like "su", because runas doesn't allow
passing credentials automatically.
Try here
http://www.mkssoftware.com/
hth
dp

 

[Jeff Vandervoort]

Thanks, all.

Correct: Runas won't work because I'm not there to enter the password.

SU requires a service on the remote PCs...a service that's not there.

The utility I'm thinking of encrypted the script file and compiled it into
the .exe. The resulting .exe did not run anything except the script that was
inside it.

 

[Jeff Vandervoort]

Thanks for the search string, Splatter. I didn't turn up anything with it,
at least not at Google.

 

[Bruce]

The software you are looking for is called NetExec.

See http://www.netexec.de/

Thanks,

Bruce.

 

[Jeff Vandervoort]

Bruce, thanks for your reply. NetExec looks like it can do what I'm looking
for...but I think I just found a freeware solution, and free happens to be
my clients' favorite price!

This page...

http://cwashington.netreach.net/main/tools/default.asp?topic=n-z

....includes a DLL that lets a VBScript run in elevated credentials
(SFImpersonator.zip) and a utility for encrypting the .VBS file (or any
other file, such as a .BAT file that calls PSexec.exe) using MS's Crypto API
(rc4se.zip). (Other interesting script resources there, too.)

Just found the freeware tonight but I'm going to play with it tomorrow (or
soon) and I'll post what I learn in this thread.

 

[Jeff Vandervoort]

Oops, rc4se won't work....decrypting the script requires a password. I'll
take a closer look at NetExec.

 

[x y, mvp]

I haven't seen the entire thread, but you can set up Runas to run without
the user knowing the password, though any method of doing this without
requiring a password can be prone to security problems.

http://securityadmin.info/faq.htm#runas