Roger's Security Blog

As Chief Security Advisor of Microsoft EMEA - lets share interesting security information

Running as Non-Admin in Windows XP

Running as Non-Admin in Windows XP

  • Comments 2
  • Likes

I recently had a chat with Tonny Bjorn after my recent blog post and he pointed me to a solution he is using to have users running as non-admin on Windows XP and still having the ability to elevate: He uses a freeware called Sudo for Windows and seems to be fairly happy with it. I have to possibility to look into it (I am running Windows 7 or Windows Vista) but you might want to consider something like that. The real disadvantage is that it installs a service (I think as Local System). So, if this service has a vuln, you are toast as well…

So, I cannot recommend this as I do not know it well enough but it might be worth a look

Roger

Comments
  • always make me nervous when I click a link (such as the link to the sudo site) that windows live blocks!  Any ideas as to how this is different then runas?

  • This a good wrap of how it works:

    [snip]Sudo for Windows (sudowin) allows authorized users to launch processes with elevated privileges using their own passphrase. Unlike the runas command, Sudo for Windows preserves the user's profile and ownership of created objects.[/snip]

    If you want it from the source, check out this link:

    http://sourceforge.net/projects/sudowin/

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment