[unisog] Admin Password Management
michael.holstein at csuohio.edu
Wed Feb 23 13:47:54 GMT 2005
> Runas is a replacement for su, not for sudo- with runas you need to enter
> the administrative password, and can then run any command as root.
More correctly, Runas allows you to run any command as ANY user (not
just 'administrator'. Correct use of GPO to manipulate the local
security policy will allow you to setup rights to do whatever you're
after (be it create backups, shutdown the machine, etc.).
In reality, you shouldn't need 'runas' at all .. just setup groups for
whatever role you're trying to establish and then use that domain group
as above to permit access to the function which the particular admin
Be careful with some roles (like run as service) because those can be
used for privilege escalation in said admin is clever enough.
Michael Holstein CISSP GCIA
Cleveland State University
More information about the unisog