Re: Running applications that require admin rights in Windows?

[Michael Salmon <lonestarr13 () gmail com>]

Hi Mike,
Thank you.  I did get some ideas from those that hit me up off the list.  I
had three recommendations.
Danilo recommended EncryptedRunAS software from
http://www.wingnutsoftware.com/
Ty recommended a product from Avecto called Privilege Guard that his
company is using with great results.
Craig recommended a third option but it may be the same concept as using a
shortcut to 'runas /user:computername\administrator /savecred "Path To
Executable"' command.  Craig was going to double check when he had time.
I haven't had been able to download and do any testing yet but I really
appreciate all the recommendations!


On Tue, Jun 18, 2013 at 9:53 AM, Mike Perez <mike () pauldotcom com> wrote:

> As luck would have it, I'm in the Windows Security class with Jason
> Fossen.  I'll ask him if he has any specific recommendations.
>
> Did you get any feedback from the list yet?  If so, please share!
>
> Thanks,
> Mike
>
>
> On Sun, Jun 16, 2013 at 10:25 PM, Michael Salmon <lonestarr13 () gmail com>wrote:
>
> > Hi guys,
> > Got a question I'd like to get some advice on.  I support a Windows 7
> > environment and we stripped the users of admin rights, however there are
> > some applications that still require admin rights to run.
> > For one user I tried setting him up with a 2nd account w/ admin rights so
> > he could Run As the program with it but he figured out that it works for
> > any software and abused it (yeah, I know.. big surprise).  Another option
> > I've looked into is creating a shortcut to the program that uses the runas
> > /savecred for the default admin account to launch the program but then any
> > malicious program (or smart user) can launch most executables by using the
> > runas /savecred without needing to enter the admin password. While I do
> > believe this is still better then always running as admin, it's not the
> > best option.
> > How do others in their environments handle these situations?
> > One option that has been brought up is granting users admin rights and
> > using a white list software to prevent launching any programs that aren't
> > approved.  I'm not sure how easy these are to work around or maintain as I
> > haven't tested any whitelisting software yet.
> >
> > Thanks guys!
> > BTW, PDC guys/girls did a great job hosting and presenting at Security-B
> > sides in RI! I had a great time, and a thank you to Mike Perez who provided
> > some great info for security noobs like me :)
> >
> >  - Michael Salmon
> >
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom () mail pauldotcom com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
>
>
>
> --
> Mike Perez
> Executive Producer, PaulDotCom Security Weekly
>
> PaulDotCom Enterprises
> Web: http://pauldotcom.com
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom () mail pauldotcom com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com