security

New and Improved Sudo for Vista (now remembers credentials)

Posted on April 2, 2008. Filed under: security, sudo, vista, vista, security, windows |

In one of my earlier blog post I shared source code for a simple utility that I had made. It could be used to launch elevated processes from the command line.

So opening a Elevated command prompt was as simple as writing

sudo cmd

Actually the code for this is very simple as it just executes a well documented system function ShellExecute.

I have made some changes to the script and now it remembers the credentials. So once you execute any command, Vista will ask you confirmation only once and any subsequent call won’t ask for the confirmation with the UAC dialog box.

(more…)

Read Full Post | Make a Comment ( None so far )

Sudo for Vista

Posted on November 28, 2007. Filed under: ruby, security, software, vista |

The following ruby script when given any executable file path as the argument runs it in administrative mode.

   1: require 'Win32API'
   2:  
   3: def shell_execute(process_name)
   4:     process = ''
   5:     process.replace(process_name)
   6:     se = Win32API.new("shell32", "ShellExecute", ['P','P','P','P','P','I'], 'I')
   7:     se.Call(nil,"runas",process,nil,nil,5)
   8: end
   9:  
  10: shell_execute(ARGV[0])

 

In Vista you can do the same by right clicking on the file and selecting “Run as Administrator” but this script allows you to run a process in admin mode using the command line.

The ShellExecute function resides in the shell32.dll and is documented here.

By just giving “runas” as the second parameter to the function the process is executed in the administrative mode.

Read Full Post | Make a Comment ( 1 so far )

Disabling Vista UAC Temporarily

Posted on October 9, 2007. Filed under: security, vista, security, windows |

From Wikipedia:
User Account Control (UAC) is a technology and security infrastructure introduced with Microsoft’s Windows Vista operating system. It aims to improve the security of Windows by limiting applications to standard user privileges until an administrator authorizes an increase in privilege level, in a manner very similar to that seen in Ubuntu Linux.

So this allows a normal user to have elevated privileges whenever required.

Also I always give the default user read only permission and the administrator full permission to the folder that contains my important data. This way I can be sure that if any virus manages to break into my system, it is not able to corrupt my important data.

So by running in the non-admin mode I cannot move files inside the folder that contains my important data or install any software without being prompted for my permission. This can be very annoying especially you are installing many softwares. A work-around for this is opening a command prompt with admin privileges and using that for moving and installing stuff.

Another way of doing this is by opening the explorer.exe process with admin privileges. This doesn’t work by default as opening explorer.exe doesn’t create a new instance of it. To make explorer.exe open new instances every time you have to enable it. It can be enabled by opening any folder, selecting organize from the toolbar -> Folder and Search options -> View (tab) and check the option "Launch folder windows in separate process".

That’s it, now whenever you open explorer.exe from the Vista start menu with admin privileges by right clicking it, any process that you open from inside it will not prompt you for confirmation and thus saving you the headache as you will be in admin mode inside that window.

Read Full Post | Make a Comment ( 2 so far )

Liked it here?
Why not try sites on the blogroll...