[unisog] User rights

Dave Ellingsberg dave.ellingsberg at csu.mnscu.edu
Thu Jun 29 16:47:22 GMT 2006


 **********************
 Sudo for Windows - "allows authorized users to launch processes with
elevated privileges using their own passphrase... Unlike the runas
command,
Sudo for Windows preserves the user's profile and ownership of created
objects"
<http://sudowin.sourceforge.net/>

****************
 Project description

Sudo for Windows (sudowin) allows authorized users to launch processes
with elevated privileges using their own passphrase. Unlike the runas
command, Sudo for Windows preserves the user's profile and ownership of
created objects.
Technical requirements

    * Microsoft .NET 2.0 Framework
    * Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows
Server 2003, Microsoft Windows Vista Beta 2

The runas command

There seems to be a lot of confusion about what the Windows runas
command. The runas command does not enable a user to escalate her
privileges, it allows the user to assume the identity of a privileged
account, if she knows the passphrase of that account. For this reason
the runas command should be thought of as an equivalent to the
UNIX/Linux command, su..........

bigfoot.
 
>>>pgoverts at sjfc.edu 06/29/06 11:34 am >>> 
Here we generally give users (both faculty and staff) Power User access 
to their systems, and we only give administrator rights on a case by 
case basis, where warranted. 
 
Paul 
 
-----Original Message----- 
From: unisog-bounces at lists.sans.org 
[mailto:unisog-bounces at lists.sans.org] On Behalf Of I Freecycle 
Sent: Thursday, June 29, 2006 9:37 AM 
To: unisog at lists.sans.org 
Subject: [unisog] User rights 
 
Hello, 
 
I'm wondering how others deal with allowing users rights on work 
computers. 
 
At our school, users aren't normally given Administrator or Power User 
rights unless it's absolutely necessary. Occasionally we 
encounter employees and students that don't understand how easily a 
system can be messed up and the security issues involved nor why we 
feel it's necessary to operate like this. 
 
I would like to know what others do, and what policies they have in 
place to address these issues. 
 
Thanks. 
 
unisog mailing list 
unisog at lists.sans.org 
http://www.dshield.org/mailman/listinfo/unisog 
 
 
unisog mailing list 
unisog at lists.sans.org 
http://www.dshield.org/mailman/listinfo/unisog 


More information about the unisog mailing list