Security Basics mailing list archives

Re: Windows,Linux, admin account's, su,runas, and user switching

From: "Tim Syratt" <tim () syratt com>
Date: Sat, 18 Oct 2003 22:05:07 +1000

Hello,

Would 'runas' suit your needs? open a command wnidow, and type runas for
syntax.

Regs,
Tim

----- Original Message ----- 
From: <Tomatohead () myrealbox com>
To: <security-basics () securityfocus com>
Sent: Saturday, October 18, 2003 1:39 AM
Subject: Windows,Linux, admin account's, su,runas, and user switching

I just recently started running as a non-admin on my windows 2000 pro
home machine.

The main reason I had put this off for so long is because it is a PAIN
on windows to run as anything but admin !

Though runas alleviates a lot of problems, it is a pain in the butt
to enter your pass everytime you need to run a system program.

Of course, I know this is the whole point !

Linux has su which "caches" your credentials for a while ... a very
nice feature.

Windows XP has user switching, but I had heard user switching somehow
weakens the system security ?
Is this true at all ?

I have come up with my own solution to this ...
which i hope is a nice compromise between security and convenience.

I LOVE this program Total Commander. Now I have it set up as a sort of
"mini Admin shell". I launch all the programs i need to run as admin
from it, like control panel, services and other admin tools, nero, etc
... I have Total Comm. itself setup with "runas different user" .

The main risk of running as admin is that you may inadvertently run some
mailicious code under admin privaleges.
So I should be safe having this "mini admin shell" running in the
background ... since only programs i launch from it will have root
privaleges ?

Any thought's on this welcome.

p.s.
If anyone wants to comment on the effectiveness of the windows GINA
(screen lockout mechanism) I'd like to hear opinions on that too.

cheers,
e

--------------------------------------------------------------------------

FREE Whitepaper: Better Management for Network Security

Looking for a better way to manage your IP security?
Learn how Solsoft can help you:
- Ensure robust IP security through policy-based management
- Make firewall, VPN, and NAT rules interoperable across heterogeneous
networks
- Quickly respond to network events from a central console

Download our FREE whitepaper at:
http://www.securityfocus.com/sponsor/Solsoft_security-basics_031015
--------------------------------------------------------------------------

--



---------------------------------------------------------------------------
FREE Whitepaper: Better Management for Network Security

Looking for a better way to manage your IP security?
Learn how Solsoft can help you:
- Ensure robust IP security through policy-based management
- Make firewall, VPN, and NAT rules interoperable across heterogeneous
networks
- Quickly respond to network events from a central console

Download our FREE whitepaper at:
http://www.securityfocus.com/sponsor/Solsoft_security-basics_031015
----------------------------------------------------------------------------

Current thread:

Windows,Linux, admin account's, su,runas, and user switching Tomatohead (Oct 17)
- Re: Windows,Linux, admin account's, su,runas, and user switching Tim Syratt (Oct 20)