runas

Allow User To Run Applicaton as Administrator Without a Password

Wayne Zimmerman Leave a comment

A few days ago I came across a software application that just wouldn’t execute correctly without the user being an administrator on the computer. Since all of my users run as basic / limited users they were unable to use program. After contacting the vendor and looking for all type of rights that we could grant the user so the could execute the program properly we were unable to fix it without making the user an administrator. So rather than making them an administrator or giving them the administrator password I made a little application that calls the other application as a run as but has the administrator credentials complied in. I realize that you can probably decompile the application and get the password, but for many users that is too much work, or they lack the expertise, so I view this as a small security issue. To further protect the account I made one that only exists on that computer. Below is the code that you can use to build a similar application it is only a few lines but it can solve a headache and keep a password relatively secure.

This is a VB.NET application
This application will produce an error if it is unable to login as that account or if the target program cannot be found.

Public Class Form1
    Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        Dim DomainName As String
        Dim UserName As String
        Dim Password As String
        Dim SysPassword As System.Security.SecureString = New System.Security.SecureString()
        DomainName = System.Environment.GetEnvironmentVariable("ComputerName")
        UserName = "administrator"
        Password = "supersecretpassword"

        For Each c As Char In Password
            SysPassword.AppendChar(c)
        Next
        SysPassword.MakeReadOnly()

        Try
            System.Diagnostics.Process.Start("notepad.exe", UserName, SysPassword, DomainName)
        Catch ex As Exception
            MsgBox(ex.Message)
        End Try
        Me.Close()
    End Sub
End Class

Read More

Five Windows Commands Every Administrator Needs To Know

Wayne Zimmerman Leave a comment

You should always feel like a little ninja when a chance to use the command line rolls around. These command should give you an excuse to open and use the command line just a bit more.

  • wuauclt /detectnow – This command makes Windows check for updates in accordance with the settings on the workstation. This is very helpful in domain environments where you have a Windows Server Update Service (WSUS) running and want it to go grab new updates from that server and not use the Microsoft Update website and try to remember which ones you had and hadn’t approved.

  • runas /user:administrator cmd – This command is a simple RunAs command that opens command prompt. This is important to know if you want to run other programs as an administrator while leaving a user logged in. This will allows you to start and other program as administrator simply by typing it in your administrator command window. Just be sure to close it when you leave, if not the user will have open reign on the computer using your account.

  • oobe/msoobe /a – This command will start the Microsoft Product Activation Wizard. This may not be the most useful command on the enterprise environment but when it comes to reinstalling a PC for someone you know it is a necessary evil. None the less, when there is no activation link, just run the command it it will get you rolling.

  • netstat and netstat -a – These two commands shows you the IP address, port and other vital information about the connections your computer is using. These information can be helpful when trying to troubleshoot a PC that has slow internet or some type of malware issue, or when you are setting up a new service on your server and trying to determine why you can’t use a certain port because it is already in use.

  • shutdown -i – Although many people use the shutdown command to shutdown or restart computers, most people don’t know that this has a handy GUI interface which makes declaring all those parameters in the command line obsolete. Give it a shot and shut down your coworkers computer, but give them some time to see if they can figure out the shutdown -a command to abort your shutdown request. This works especially good to test the new guys skills.

I’m sure there are many commands I have forgotten to add that are just as great as these, if you think of one put it in the comments and share it with everyone else.

Read More