|
 |  |  |  |  |  |  |  |  |
Welcome to Vista Forums we are your forum for Windows Vista help and discussion. Whether you need help or just want to post an idea you have on Vista, this is the forum for you.
 |
| |||||||
 |
| | Thread Tools | Display Modes |
09-19-2007
| #1 (permalink) |
| Guest | Bypass RunAs Dear All, When a non-administrator wants to run an executable, Vista asks for an adminstrator password. If I want to allow an executable to run under a user without having to provide an administrator password, is it possible/allowed in Vista? |
My System Specs |
|
09-19-2007
| #2 (permalink) | ||||||||||||
| Guest | RE: Bypass RunAs Not if you want the executable to run as an administrator. There is no setuid equivalent on Windows. If you control the executable, the proper way to do that is to refactor the executable into a service portion, which runs elevated and performs the administrative tasks, and a user-mode portion that runs as the user. --- Your question may already be answered in Windows Vista Security: http://www.amazon.com/gp/product/047...otectyourwi-20 "pjw lignon" wrote:
| ||||||||||||
| My System Specs | |||||||||||||
|
09-21-2007
| #3 (permalink) | ||||||||||||
| Guest | Re: Bypass RunAs Have you tried embedding a manifest file as a resource in your application? That will do it. Info here: http://www.devx.com/VistaSpecialRepo...33856/0/page/2 specifically in the middle of the page. -- Steve Easton "pjw lignon" <pjwlignon@xxxxxx> wrote in message news:0854BD26-C038-48B4-898F-4E36A63311C0@xxxxxx
| ||||||||||||
| My System Specs | |||||||||||||
|
09-21-2007
| #4 (permalink) | ||||||||||||||||||||||||
| Guest | Re: Bypass RunAs The manifest governs how elevation is invoked (automatica, only for members of the admins group, or not at all). It does not permit automatic, password-less elevation of only certain apps. --- Your question may already be answered in Windows Vista Security: http://www.amazon.com/gp/product/047...otectyourwi-20 "Steve Easton" wrote:
| ||||||||||||||||||||||||
| My System Specs | |||||||||||||||||||||||||
|
09-22-2007
| #5 (permalink) | ||||||||||||||||||||||||
| Guest | Re: Bypass RunAs A minor caveat - there actually _is_ a setuid included in the free SUA add-on from Microsoft: http://www.microsoft.com/downloads/d...8-efde5758c47f Security implications of enabling setuid aside (you're warned in setup), from a practical standpoint you're still right. Using setuid isn't something that most users will want to get into. "Jesper" <Jesper@xxxxxx> wrote in message news  3C43215-F198-45E5-B98E-124A4A3DF852@xxxxxx
| ||||||||||||||||||||||||
| My System Specs | |||||||||||||||||||||||||
|
09-22-2007
| #6 (permalink) | ||||||||||||||||||||||||||||||||||||
| Guest | Re: Bypass RunAs Good point Alex. I didn't think of that. Does it actually do what setuid does on Unix though? Does it let limited Windows users run administrative applications? --- Your question may already be answered in Windows Vista Security: http://www.amazon.com/gp/product/047...otectyourwi-20 "Alex K. Angelopoulos (MVP)" wrote:
| ||||||||||||||||||||||||||||||||||||
| My System Specs | |||||||||||||||||||||||||||||||||||||
|
09-22-2007
| #7 (permalink) | ||||||||||||
| Guest | Re: Bypass RunAs The clear answer is that yes, it is possible. Make the program not require administrative privileges. If it does require admin privileges, then it must prompt the user. -- Robert Firth "pjw lignon" <pjwlignon@xxxxxx> wrote in message news:0854BD26-C038-48B4-898F-4E36A63311C0@xxxxxx
| ||||||||||||
| My System Specs | |||||||||||||
|
09-23-2007
| #8 (permalink) | ||||||||||||||||||||||||||||||||||||
| Guest | Re: Bypass RunAs Sorry about the response lag.  I had originally just noted that it was possible to do this while installing SUA on Vista; it has options for allowing setuid (and also sutoroot) during install phase. I went back this morning and tried allowing setuid to work, even reinstalling SUA, but I can't even find the binary - just the man page. I think this is going to take someone who knows more about SUA to answer, which kind of drives home the point that it isn't a practical solution for most people.  "Jesper" <Jesper@xxxxxx> wrote in message news:625CF4E0-012B-486F-9967-F777BF5F6B66@xxxxxx
| ||||||||||||||||||||||||||||||||||||
| My System Specs | |||||||||||||||||||||||||||||||||||||
| |
| Thread Tools | |
| Display Modes | |
| |
Similar Threads | ||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Undo RunAs | momo2804 | Vista General | 2 | 04-26-2008 09:35 AM |
| RUNAS and Backup | Julian Davidson | Vista performance & maintenance | 1 | 01-22-2008 01:05 PM |
| runas cpau on vista with uac | Mario | Vista General | 2 | 03-10-2007 05:42 AM |
| RunAs | acolmano | Vista security | 1 | 02-12-2007 11:09 AM |
| runas /user:USER problem and a strange behavior of runas | Stefan Helmig | Vista account administration | 1 | 01-31-2007 01:51 PM |
| Complimentary Industry Resources Vista Forums has joined forces with TradePub.com to offer you a new, exciting, and entirely free professional resource. Visit http://vistax64.tradepub.com today to browse our selection of complimentary Industry magazines, white papers, webinars, podcasts, and more across 34 industry sectors. No credit cards, coupons, or promo codes required. Try it today! |
Linear Mode
