Home page logo
  • Nmap Security Scanner
  • Security Lists
  • Security Tools
  • Site News
  • Advertising
  • About/Contact
  • Sponsors:



/
pauldotcom logo
PaulDotCom Mailing List

General discussion of security news, research, vulnerabilities, and the PaulDotCom Security Weekly podcast.

List Archives

Jan–MarApr–JunJul–SepOct–Dec
2013283329
2012253255294288
2011433403313168
20101040730620463
20097136151233889
2008548

Latest Posts

Re: Running applications that require admin rights in Windows? Nathan Sweaney (Jun 19)
The EncryptedRunAs program sounds very similar to old program called CPAU.
It's no longer supported, but still works fine on Windows 7 and it's free.
However, both programs have a serious flaw. In order to run the actual
command you want with the credentials that are "encrypted," they have to
have the encryption key and use it to decrypt the command. In other words,
at best you have several layers of obfuscation on top of an...

Re: Running applications that require admin rights in Windows? Michael Salmon (Jun 19)
I got a lot of options to review now, a lot more then reading suggestions
at online tech forums. Part of the problem is one of the software package
I'm thinking of using it on is a wireless card software called Tata Photon+
that our remote users in India run. Not something I have here to test.
I'd prefer to either use the sysinternal tools to grant access to the
necessary files\folders\regkeys or maybe grant RunAsInvoker or the...

Re: Running applications that require admin rights in Windows? Guillaume Ross (Jun 19)
For those who have had issues with Time zones in the past, it's worth knowing that in Windows there are now two
different User Rights:

One for changing the system time (which non admins definitely do not need)
One for changing the timezone (which non admins greatly appreciate having)

Minor feature but makes a big difference.

For the rest of the stuff, as mentioned before:

1 - Delegate the proper permissions on the files and registry
2 -...

Re: Running applications that require admin rights in Windows? Tony Turner (Jun 18)
In the past I used regmon and tokenmon to understand what rights apps need
to run and then made permissions changes on specific registry keys or
protected files to allow privileged access and included that custom config
in default build for that subsection of users requiring elevated access.
Make sure you understand the security implications of any permissions
changes if you take this approach. For enterprise specific browser
addons/ActiveX...

Re: Running applications that require admin rights inWindows? Ryan (Jun 18)
I use Windows permissions/access control lists to allow the group/user access to the required files, directories and
registry keys. Figuring out what they need access to and that level of access is the tricky part. Procmon
(Sysinternals/Microsoft) is a great tool for this and many other types of application debugging. It will monitor file,
registry, process and network access to tell when the required application is running successfully as...

Re: BSidesRI Videos Omid Mohammadi (Jun 18)
Thanks!

Regards,
Omid
Sent from my mobile device

Re: Running applications that require admin rights in Windows? Jesse McMinn (Jun 18)
I recently encountered this issue in my environment while migrating to
Windows 7. I have a decent amount of legacy software requiring
administrator rights that the developers don't have time to fix.

I used the Microsoft Application Compatibility Toolkit to grant
RunAsInvoker rights to the specific programs needing admin rights. You can
test to see if it will run at that point and adjust as needed. The end
result is a .sdb file you can...

Re: Running applications that require admin rights in Windows? Michael Salmon (Jun 18)
Hi Mike,
Thank you. I did get some ideas from those that hit me up off the list. I
had three recommendations.
Danilo recommended EncryptedRunAS software from
http://www.wingnutsoftware.com/
Ty recommended a product from Avecto called Privilege Guard that his
company is using with great results.
Craig recommended a third option but it may be the same concept as using a
shortcut to 'runas /user:computername\administrator /savecred "Path...

Re: Running applications that require admin rights in Windows? Michael Dickey (Jun 18)
I'm not going to help a ton since I'm a few years removed from being useful
on the desktop, but where I work, we either don't allow that software or we
make exceptions based on roles.

For software that just needs admin rights, we do whatever we can to say no
to having it in our network. If we absolutely must, we do entertain the
idea of hosting it on a virtual Windows desktop system and granting
as-needed access to it or...

Re: Running applications that require admin rights in Windows? Larry Petty (Jun 18)
Look into the ForceAdminAccess application shim.

http://technet.microsoft.com/en-us/library/cc766024%28v=ws.10%29.aspx

From: pauldotcom-bounces () mail pauldotcom com [mailto:pauldotcom-bounces () mail pauldotcom com] On Behalf Of Michael
Salmon
Sent: Sunday, June 16, 2013 10:26 PM
To: PaulDotCom Security Weekly Mailing List
Subject: [Pauldotcom] Running applications that require admin rights in Windows?

Hi guys,
Got a question I'd like...

Re: Running applications that require admin rights in Windows? Bugbear (Jun 18)
Hey Michael

We stripped admin rights out years ago. It was a fair amount of work (took
a solid year) but what we did was to document the registry keys and file
locations each software uses and give the user modify to only those
locations and files. (Like I said it took some time) In most cases these
are easy locations to find based on the naming but there were some cases
where we would have to turn to things like Sysinternals ProcMon to...

Re: Running applications that require admin rights in Windows? Mike Perez (Jun 18)
As luck would have it, I'm in the Windows Security class with Jason Fossen.
I'll ask him if he has any specific recommendations.

Did you get any feedback from the list yet? If so, please share!

Thanks,
Mike

On Sun, Jun 16, 2013 at 10:25 PM, Michael Salmon <lonestarr13 () gmail com>wrote:

Re: official site of Security Certified Network Professional (SCNP) Glenn Barrett (Jun 17)
I had both the SCNP and SCNA back in approx. 2008. I believe at one point
it was even one of the security certs that fulfilled one of the Dog
requirements. The company issuing the cert then got bought out by a foreign
company and it seemed harder to get any more information, so I didn't
bother trying to renew. The material and exam were actually quite
comprehensive. No idea what the current state of these certs is though.

Re: BSidesRI Videos d4x (Jun 17)
Thank you Adrian!

Sent from my mobile

Re: BSidesRI Videos Patrick Laverty (Jun 17)
He already did! He had three of them up a few hours or so before the
presenter even started!! :)

Adrian rocks.

If you're doing conference videos and don't bring in Adrian, you're doing
it wrong.

More Lists

Dozens of other network security lists are archived at SecLists.Org.


[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]