Tags: dirty, entered, hack, login-informations, microsoft, msdn, own, runas, runashow, savecred, saved, software, write

runas /savecred - a dirty hack?

On Microsoft » Microsoft XP

4,174 words with 4 Comments; publish: Mon, 26 May 2008 13:34:00 GMT; (331328.13, « »)

Hello *,

I have got some questions about runas:

How does it work (how do I write my own runas)?

Where get the entered login-informations saved if I use /savecred?

How are they protected from the (non-privileged) user? Are the

encrypted? - If, it seems be a symmetric encryption - but where is the

key stored? Why shouldn't my (non-privileged) user get that key and get

my admin-password as plain-text?

Is there a save solution to permit certain users admin-access to

certain-applications (not all) - just like good old unix s-bit?

Thanks for your help...

Henning

All Comments

Leave a comment...

  • 4 Comments
    • HOW TO: Enable and Use the "Run As" Command When Running Programs in Windows

      http://support.microsoft.com/default...&Product=winxp

      Carey Frisch

      Microsoft MVP

      Windows XP - Shell/User

      Be Smart! Protect your PC!

      http://www.microsoft.com/security/protect/

      -----

      "Henning Meyer (remove the numbers)" <Henning_Meyer123.windows-xp.questionfor.info.gmx.net> wrote in message:

      news:c68f4c$8ppo2$1.windows-xp.questionfor.info.ID-105195.news.uni-berlin.de...

      | Hello *,

      | I have got some questions about runas:

      | How does it work (how do I write my own runas)?

      | Where get the entered login-informations saved if I use /savecred?

      | How are they protected from the (non-privileged) user? Are the

      | encrypted? - If, it seems be a symmetric encryption - but where is the

      | key stored? Why shouldn't my (non-privileged) user get that key and get

      | my admin-password as plain-text?

      | Is there a save solution to permit certain users admin-access to

      | certain-applications (not all) - just like good old unix s-bit?

      |

      | Thanks for your help...

      |

      | Henning

      #1; Mon, 26 May 2008 13:35:00 GMT
    • Henning,

      You may wish to check out the following app for creating a process using

      the "runas" while integrating the username/password. Very Slick :-)

      http://www.joeware.net/win32/zips/CPAU.zip

      or

      http://www.joeware.net/win32/index.html

      Cheers

      VIGUY

      Henning Meyer (remove the numbers) wrote:

      > Hello *,

      > I have got some questions about runas:

      > How does it work (how do I write my own runas)?

      > Where get the entered login-informations saved if I use /savecred?

      > How are they protected from the (non-privileged) user? Are the

      > encrypted? - If, it seems be a symmetric encryption - but where is the

      > key stored? Why shouldn't my (non-privileged) user get that key and get

      > my admin-password as plain-text?

      > Is there a save solution to permit certain users admin-access to

      > certain-applications (not all) - just like good old unix s-bit?

      > Thanks for your help...

      > Henning

      #2; Mon, 26 May 2008 13:36:00 GMT
    • nice thing...can you make the source available, please ?

      Would be great...

      What about /savecred (where does the data get stored) ?

      Henning

      VIGUY wrote:

      > Henning,

      > You may wish to check out the following app for creating a process using

      > the "runas" while integrating the username/password. Very Slick :-)

      > http://www.joeware.net/win32/zips/CPAU.zip

      > or

      > http://www.joeware.net/win32/index.html

      > Cheers

      > VIGUY

      >

      #3; Mon, 26 May 2008 13:37:00 GMT
    • Thanks, but I already know how to use it, I just wanted to know how it

      works internally...(what system-calls does it use...)

      Henning

      Carey Frisch [MVP] wrote:

      > HOW TO: Enable and Use the "Run As" Command When Running Programs in Windows

      > http://support.microsoft.com/default...&Product=winxp

      >

      #4; Mon, 26 May 2008 13:38:00 GMT