Vista Forums - View Single Post

09-23-2007

Sorry about the response lag.

I had originally just noted that it was possible to do this while installing
SUA on Vista; it has options for allowing setuid (and also sutoroot) during
install phase. I went back this morning and tried allowing setuid to work,
even reinstalling SUA, but I can't even find the binary - just the man page.

I think this is going to take someone who knows more about SUA to answer,
which kind of drives home the point that it isn't a practical solution for
most people.

"Jesper" <Jesper@xxxxxx> wrote in message
news:625CF4E0-012B-486F-9967-F777BF5F6B66@xxxxxx

Quote:

> Good point Alex. I didn't think of that. Does it actually do what setuid
> does
> on Unix though? Does it let limited Windows users run administrative
> applications?
> ---
> Your question may already be answered in Windows Vista Security:
> http://www.amazon.com/gp/product/047...otectyourwi-20
>
>
> "Alex K. Angelopoulos (MVP)" wrote:
>

Quote:

>> A minor caveat - there actually _is_ a setuid included in the free SUA
>> add-on from Microsoft:
>>
>> http://www.microsoft.com/downloads/d...8-efde5758c47f
>>
>> Security implications of enabling setuid aside (you're warned in setup),
>> from a practical standpoint you're still right. Using setuid isn't
>> something
>> that most users will want to get into.
>>
>> "Jesper" <Jesper@xxxxxx> wrote in message
>> news

3C43215-F198-45E5-B98E-124A4A3DF852@xxxxxx

Quote:

>> > Not if you want the executable to run as an administrator. There is no
>> > setuid
>> > equivalent on Windows.
>> >
>> > If you control the executable, the proper way to do that is to refactor
>> > the
>> > executable into a service portion, which runs elevated and performs the
>> > administrative tasks, and a user-mode portion that runs as the user.
>> > ---
>> > Your question may already be answered in Windows Vista Security:
>> > http://www.amazon.com/gp/product/047...otectyourwi-20
>> >
>> >
>> > "pjw lignon" wrote:
>> >
>> >> Dear All,
>> >>
>> >> When a non-administrator wants to run an executable, Vista asks for an
>> >> adminstrator password.
>> >>
>> >> If I want to allow an executable to run under a user without having to
>> >> provide an administrator password, is it possible/allowed in Vista?

>>

09-23-2007	#8 (permalink)
Alex K. Angelopoulos \(MVP\) n/a posts	Re: Bypass RunAs Sorry about the response lag. I had originally just noted that it was possible to do this while installing SUA on Vista; it has options for allowing setuid (and also sutoroot) during install phase. I went back this morning and tried allowing setuid to work, even reinstalling SUA, but I can't even find the binary - just the man page. I think this is going to take someone who knows more about SUA to answer, which kind of drives home the point that it isn't a practical solution for most people. "Jesper" <Jesper@xxxxxx> wrote in message news:625CF4E0-012B-486F-9967-F777BF5F6B66@xxxxxx Quote: > Good point Alex. I didn't think of that. Does it actually do what setuid > does > on Unix though? Does it let limited Windows users run administrative > applications? > --- > Your question may already be answered in Windows Vista Security: > http://www.amazon.com/gp/product/047...otectyourwi-20 > > > "Alex K. Angelopoulos (MVP)" wrote: > Quote: >> A minor caveat - there actually _is_ a setuid included in the free SUA >> add-on from Microsoft: >> >> http://www.microsoft.com/downloads/d...8-efde5758c47f >> >> Security implications of enabling setuid aside (you're warned in setup), >> from a practical standpoint you're still right. Using setuid isn't >> something >> that most users will want to get into. >> >> "Jesper" <Jesper@xxxxxx> wrote in message >> news3C43215-F198-45E5-B98E-124A4A3DF852@xxxxxx Quote: >> > Not if you want the executable to run as an administrator. There is no >> > setuid >> > equivalent on Windows. >> > >> > If you control the executable, the proper way to do that is to refactor >> > the >> > executable into a service portion, which runs elevated and performs the >> > administrative tasks, and a user-mode portion that runs as the user. >> > --- >> > Your question may already be answered in Windows Vista Security: >> > http://www.amazon.com/gp/product/047...otectyourwi-20 >> > >> > >> > "pjw lignon" wrote: >> > >> >> Dear All, >> >> >> >> When a non-administrator wants to run an executable, Vista asks for an >> >> adminstrator password. >> >> >> >> If I want to allow an executable to run under a user without having to >> >> provide an administrator password, is it possible/allowed in Vista? >>
My System Specs