RE: Service install without permissions

["JM" <jm () mindless com>]

If theses machines don't "belong" to you, I would suggest that installing
apps/services without Admin privleges is the way it is meant to be. You
would be installing your apps on a machine owned by someone else, they
should have the ability to control this.

How would you feel if an audit of PCs/Servers under your control, revealed
that someone had written an application specifically to avoid the controls
you had put in place.  I would send the software to the local admin, and
have then install it, in a controlled manner.

If however they are "your" machines, you can psexec (from sysinternals) and
run the installation's remotely, or remote control, or use a temporary
password for the runas command

Cheers

JM




-----Original Message-----
From: Ansgar -59cobalt- Wiechers [mailto:bugtraq () planetcobalt net] 
Sent: 20 November 2003 11:46
To: security-basics () securityfocus com

On 2003-11-19 Lucas Beber wrote:
> We need to send a CD for autoinstall a service in remote locations 
> where we have NT Servers. The user's that will run the install 
> procedure do not have the administrator password (for obvious security 
> reasons).
>
> The question is :
> How to install a service without using the administrator user?

If you have remote access you can do it remotely (terminal services, VNC,
...). If not, you can do it by using software like NetInstall [1], which
runs as a service and allows you to distribute the software through
different channels, even CDs. If neither of these preconditions applies to
your case, the answer is: Not.

[1] http://www.netinstall.de/

Regards
Ansgar Wiechers

---------------------------------------------------------------------------
----------------------------------------------------------------------------


---------------------------------------------------------------------------
----------------------------------------------------------------------------