PaulDotCom mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Running applications that require admin rights in Windows?

From: Larry Petty <Larry.Petty () tribridge com>
Date: Mon, 17 Jun 2013 21:20:10 +0000
Look into the ForceAdminAccess application shim.

http://technet.microsoft.com/en-us/library/cc766024%28v=ws.10%29.aspx




From: pauldotcom-bounces () mail pauldotcom com [mailto:pauldotcom-bounces () mail pauldotcom com] On Behalf Of Michael 
Salmon
Sent: Sunday, June 16, 2013 10:26 PM
To: PaulDotCom Security Weekly Mailing List
Subject: [Pauldotcom] Running applications that require admin rights in Windows?

Hi guys,
Got a question I'd like to get some advice on.  I support a Windows 7 environment and we stripped the users of admin 
rights, however there are some applications that still require admin rights to run.
For one user I tried setting him up with a 2nd account w/ admin rights so he could Run As the program with it but he 
figured out that it works for any software and abused it (yeah, I know.. big surprise).  Another option I've looked 
into is creating a shortcut to the program that uses the runas /savecred for the default admin account to launch the 
program but then any malicious program (or smart user) can launch most executables by using the runas /savecred without 
needing to enter the admin password. While I do believe this is still better then always running as admin, it's not the 
best option.
How do others in their environments handle these situations?
One option that has been brought up is granting users admin rights and using a white list software to prevent launching 
any programs that aren't approved.  I'm not sure how easy these are to work around or maintain as I haven't tested any 
whitelisting software yet.

Thanks guys!
BTW, PDC guys/girls did a great job hosting and presenting at Security-B sides in RI! I had a great time, and a thank 
you to Mike Perez who provided some great info for security noobs like me :)

 - Michael Salmon


Larry Petty

Office: 813.287.8887 x 1136

Fax: 813.287.8688

Email: mailto:Larry.Petty () tribridge com




_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
Previous By Date Next
Previous By Thread Next

Current thread: