แชร์ผ่าน

New LUA Tool

  • บทความ

For the last few weeks, I've been playing around with a LUA tool that was recently presented to me.  The tool is available on the following website

https://www.harper.no/valery/CategoryView,category,RunAsAdmin.aspx

The tool intercepts interactive logons and uses the Safer APIs to restrict your logon token to that of a normal user and start explorer with the restricted token.  In effect, when you log on it logs you on as a normal user.  The handy part is that it also creates a tray application that allows you to start programs with your full token rights without the hassle of entering your password.  This is very similar to Aaron Margosis's MakeMeAdmin.cmd script.  I highly recomend this for anyone who runs as an LUA. 

Here are the few downsides I have encountered while using this program

  1. CTRL+SHIFT+ESC starts TaskMgr with full administrative rights (noted on website).  You can get around this by choosing the taskmgr from the TaskBar right click menu
  2. For this to work, your account must be a part of the Administrators group.  Thus if you use the MakeMeAdmin script out of habbit one day, it will remove your account from the Administrator group.

Comments

  • Anonymous
    July 02, 2005
    Jared,
    there is no such requirement to be a part of Administrators group, you can use RunAsAdmin with power user or just as normal user, but it has a bit more value for using it with more privileged accounts :-).
    And with new version of RunAsAdmin, that I posted on source forge this week, you can easily control the level of restriction aplied to programs started by the task manager (i even show how to do that in a demo that I put on my blog).
    RunAsAdmin's idea is quite similar to User Account Protection in Longhorn (note I didn't see what's going on in Longhorn with it - I'm just basing this statement on some whitepapers I've read last month). I.e. even if you logon as administrator - you still run as restricted user, and when you require to perform some administrative task - you can do that by using RunAsAdmin GUI or Drag&Drop or Shell Extension menu, but you'll be asked if you want to run the program with Unrestricted level of trust.

    -Valery.