| | #1 (permalink) |
| Guest | Bypass RunAs Dear All, When a non-administrator wants to run an executable, Vista asks for an administrator password. If I want to allow an executable to run under a user without having to provide an administrator password, is it possible/allowed in Vista? |
| | #2 (permalink) |
| Guest | RE: Bypass RunAs Not if you want the executable to run as an administrator. There is no setuid equivalent on Windows. If you control the executable, the proper way to do that is to refactor the executable into a service portion, which runs elevated and performs the administrative tasks, and a user-mode portion that runs as the user. --- Your question may already be answered in Windows Vista Security: http://www.amazon.com/gp/product/047...otectyourwi-20 "pjw lignon" wrote: Quote: > Dear All, > > When a non-administrator wants to run an executable, Vista asks for an > administrator password. > > If I want to allow an executable to run under a user without having to > provide an administrator password, is it possible/allowed in Vista? |
| | #3 (permalink) |
| Guest | Re: Bypass RunAs Have you tried embedding a manifest file as a resource in your application? That will do it. Info here: http://www.devx.com/VistaSpecialRepo...33856/0/page/2 specifically in the middle of the page. -- Steve Easton "pjw lignon" <pjwlignon@xxxxxx> wrote in message news:0854BD26-C038-48B4-898F-4E36A63311C0@xxxxxx Quote: > Dear All, > > When a non-administrator wants to run an executable, Vista asks for an > administrator password. > > If I want to allow an executable to run under a user without having to > provide an administrator password, is it possible/allowed in Vista? |
| | #4 (permalink) |
| Guest | Re: Bypass RunAs The manifest governs how elevation is invoked (automatically, only for members of the admins group, or not at all). It does not permit automatic, password-less elevation of only certain apps. --- Your question may already be answered in Windows Vista Security: http://www.amazon.com/gp/product/047...otectyourwi-20 "Steve Easton" wrote: Quote: > Have you tried embedding a manifest file as a resource in your application? > That will do it. > > Info here: > http://www.devx.com/VistaSpecialRepo...33856/0/page/2 > specifically in the middle of the page. > > > -- > > Steve Easton > > > > "pjw lignon" <pjwlignon@xxxxxx> wrote in message > news:0854BD26-C038-48B4-898F-4E36A63311C0@xxxxxx Quote: > > Dear All, > > > > When a non-administrator wants to run an executable, Vista asks for an > > administrator password. > > > > If I want to allow an executable to run under a user without having to > > provide an administrator password, is it possible/allowed in Vista? > > |
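
The manifest behaviour discussed in posts #3 and #4, as an added example that is not part of the thread: a small audit helper that reads the `requestedExecutionLevel` an executable asks for and reports what UAC does with it under default policy; none of the three values gives a standard user password-less elevation. The function names are hypothetical, the image bytes are constructed, and the manifest is assumed to be stored as ASCII/UTF-8 XML inside the file.

```python
import re

# Default-policy UAC outcome per requestedExecutionLevel value:
# (standard user, member of Administrators running in Admin Approval Mode)
LEVELS = {
    "asInvoker": ("runs with the user's own token, no prompt",
                  "runs with the filtered token, no prompt"),
    "highestAvailable": ("runs with the user's own token, no prompt",
                         "consent prompt, then full administrator token"),
    "requireAdministrator": ("prompt for an administrator's credentials",
                             "consent prompt, then full administrator token"),
}

# Assumption: the manifest is stored as ASCII/UTF-8 XML inside the image.
_LEVEL_RE = re.compile(
    rb"<(?:\w+:)?requestedExecutionLevel\b[^>]*?\blevel\s*=\s*[\"'](\w+)[\"']")


def requested_level(image: bytes):
    """Return the level named in the embedded manifest, or None if absent."""
    m = _LEVEL_RE.search(image)
    return m.group(1).decode("ascii") if m else None


def standard_user_prompted_for_password(image: bytes) -> bool:
    """True when the manifest itself demands elevation, which a standard
    user can only satisfy with an administrator's credentials."""
    return requested_level(image) == "requireAdministrator"


def describe(image: bytes) -> str:
    level = requested_level(image)
    if level is None:
        return "no requestedExecutionLevel: legacy handling applies"
    if level not in LEVELS:
        return f"unrecognised level {level!r}"
    standard, admin = LEVELS[level]
    return f"{level}: standard user -> {standard}; administrator -> {admin}"


def constructed_image(level: str) -> bytes:
    """Constructed stand-in for an .exe: padding around a minimal manifest."""
    manifest = (
        '<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">'
        '<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security>'
        f'<requestedPrivileges><requestedExecutionLevel level="{level}" '
        'uiAccess="false"/></requestedPrivileges></security></trustInfo></assembly>')
    return b"MZ" + b"\x00" * 64 + manifest.encode("utf-8") + b"\x00" * 64


if __name__ == "__main__":
    for lvl in LEVELS:
        print(describe(constructed_image(lvl)))
```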
| | #5 (permalink) |
| Guest | Re: Bypass RunAs A minor caveat - there actually _is_ a setuid included in the free SUA add-on from Microsoft: http://www.microsoft.com/downloads/d...8-efde5758c47f Security implications of enabling setuid aside (you're warned in setup), from a practical standpoint you're still right. Using setuid isn't something that most users will want to get into. "Jesper" <Jesper@xxxxxx> wrote in message news 3C43215-F198-45E5-B98E-124A4A3DF852@xxxxxx Quote: > Not if you want the executable to run as an administrator. There is no > setuid > equivalent on Windows. > > If you control the executable, the proper way to do that is to refactor > the > executable into a service portion, which runs elevated and performs the > administrative tasks, and a user-mode portion that runs as the user. > --- > Your question may already be answered in Windows Vista Security: > http://www.amazon.com/gp/product/047...otectyourwi-20 > > > "pjw lignon" wrote: > Quote: >> Dear All, >> >> When a non-administrator wants to run an executable, Vista asks for an >> administrator password. >> >> If I want to allow an executable to run under a user without having to >> provide an administrator password, is it possible/allowed in Vista? |
| | #6 (permalink) |
| Guest | Re: Bypass RunAs Good point Alex. I didn't think of that. Does it actually do what setuid does on Unix though? Does it let limited Windows users run administrative applications? --- Your question may already be answered in Windows Vista Security: http://www.amazon.com/gp/product/047...otectyourwi-20 "Alex K. Angelopoulos (MVP)" wrote: Quote: > A minor caveat - there actually _is_ a setuid included in the free SUA > add-on from Microsoft: > > http://www.microsoft.com/downloads/d...8-efde5758c47f > > Security implications of enabling setuid aside (you're warned in setup), > from a practical standpoint you're still right. Using setuid isn't something > that most users will want to get into. > > "Jesper" <Jesper@xxxxxx> wrote in message > news 3C43215-F198-45E5-B98E-124A4A3DF852@xxxxxx Quote: > > Not if you want the executable to run as an administrator. There is no > > setuid > > equivalent on Windows. > > > > If you control the executable, the proper way to do that is to refactor > > the > > executable into a service portion, which runs elevated and performs the > > administrative tasks, and a user-mode portion that runs as the user. > > --- > > Your question may already be answered in Windows Vista Security: > > http://www.amazon.com/gp/product/047...otectyourwi-20 > > > > > > "pjw lignon" wrote: > > Quote: > >> Dear All, > >> > >> When a non-administrator wants to run an executable, Vista asks for an > >> administrator password. > >> > >> If I want to allow an executable to run under a user without having to > >> provide an administrator password, is it possible/allowed in Vista? |
| | #7 (permalink) |
| Guest | Re: Bypass RunAs The clear answer is that yes, it is possible. Make the program not require administrative privileges. If it does require admin privileges, then it must prompt the user. -- Robert Firth "pjw lignon" <pjwlignon@xxxxxx> wrote in message news:0854BD26-C038-48B4-898F-4E36A63311C0@xxxxxx Quote: > Dear All, > > When a non-administrator wants to run an executable, Vista asks for an > administrator password. > > If I want to allow an executable to run under a user without having to > provide an administrator password, is it possible/allowed in Vista? |
| | #8 (permalink) |
| Guest | Re: Bypass RunAs Sorry about the response lag. I had originally just noted that it was possible to do this while installing SUA on Vista; it has options for allowing setuid (and also sutoroot) during install phase. I went back this morning and tried allowing setuid to work, even reinstalling SUA, but I can't even find the binary - just the man page. I think this is going to take someone who knows more about SUA to answer, which kind of drives home the point that it isn't a practical solution for most people. "Jesper" <Jesper@xxxxxx> wrote in message news:625CF4E0-012B-486F-9967-F777BF5F6B66@xxxxxx Quote: > Good point Alex. I didn't think of that. Does it actually do what setuid > does > on Unix though? Does it let limited Windows users run administrative > applications? > --- > Your question may already be answered in Windows Vista Security: > http://www.amazon.com/gp/product/047...otectyourwi-20 > > > "Alex K. Angelopoulos (MVP)" wrote: > Quote: >> A minor caveat - there actually _is_ a setuid included in the free SUA >> add-on from Microsoft: >> >> http://www.microsoft.com/downloads/d...8-efde5758c47f >> >> Security implications of enabling setuid aside (you're warned in setup), >> from a practical standpoint you're still right. Using setuid isn't >> something >> that most users will want to get into. >> >> "Jesper" <Jesper@xxxxxx> wrote in message >> news 3C43215-F198-45E5-B98E-124A4A3DF852@xxxxxx Quote: >> > Not if you want the executable to run as an administrator. There is no >> > setuid >> > equivalent on Windows. >> > >> > If you control the executable, the proper way to do that is to refactor >> > the >> > executable into a service portion, which runs elevated and performs the >> > administrative tasks, and a user-mode portion that runs as the user. >> > --- >> > Your question may already be answered in Windows Vista Security: >> > http://www.amazon.com/gp/product/047...otectyourwi-20 >> > >> > >> > "pjw lignon" wrote: >> > >> >> Dear All, >> >> >> >> When a non-administrator wants to run an executable, Vista asks for an >> >> administrator password. >> >> >> >> If I want to allow an executable to run under a user without having to >> >> provide an administrator password, is it possible/allowed in Vista? |