Re: SecureString() in framework 1.1

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

On 31 Lug, 15:19, "Patrice" <http://www.chez.com/scribe/> wrote:
If we step back to the real problem. What is this application that must run
under an administrative account ?

I've seen applications failing and it's usually something such as writing to
a bad location in which case changing the location where the application
writes or in the worst case granting rights to the application directory is
sufficient to make the application run.

Tools such as wwww.sysinternals.comcould help and the editor support could
likely have already heard about this.

If the user runs under an administrative account :
- he could do whatever he want on disk (for example from the save dialog)

My personal preference would be to grant the minimal amount of rights needed
to run rather than running the application under an administrative account.

Else I'm afraid there is not much you can do :
- you could perhaps encrypt a script (windows script encoder if I remember)
but AFAIK it's quite weak
- even a Securestring wouldn't help if the password is shown anyway in your
code
- GPOs are able to run under scripts administrative accounts but AFAIK at
startup

I would definitively try to understand what this damn application needs
something better than normal rigths (but it likely doesn"t mean real admin
rights).

--
Patrice

"Pietro Pesce" <mista...@xxxxxxxx> a écrit dans le message de news:
1185885016.165700.67...@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On 30 Lug, 19:52, "Patrice" <http://www.chez.com/scribe/> wrote:





The problem for us is that running a program as an administrator has
nothing
to do with the SecureString object. It will run as well with a usual
string.

So for now I'm not sure if the question is that you don't know that the
SecureString is not needed and that a string will work as well ?!

If this is to run at start time I would use a GPO for example. Not an
expert
but AFAIK it allows to run scripts are an administrator out from the box.

--
Patrice

"Pietro Pesce" <mista...@xxxxxxxx> a écrit dans le message de news:
1185808262.590321.313...@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

On 30 Lug, 17:08, Spam Catcher <spamhoney...@xxxxxxxxxx> wrote:
Pietro Pesce <mista...@xxxxxxxx> wrote in news:1185806252.061571.69480@
57g2000hsv.googlegroups.com:

mmmm i dont understand:
1- how can use securestring whit fw 1.1? post the code?
2- you know another method for run the program whit the administrator
privileges?

SecureString isn't in .NET 1.1

.NET Framework
Supported in: 3.0, 2.0

http://msdn2.microsoft.com/en-us/library/system.security.securestring....

I KNOW!
my question is: there is another method for run the program whit the
administrator
privileges?- Nascondi testo tra virgolette -

- Mostra testo tra virgolette -

i' have od this vbs

On Error Resume Next
dim WshShell,FSO

sUser=*****
sPass=****
sCmd=****
set WshShell = CreateObject("WScript.Shell")
set WshEnv = WshShell.Environment("Process")
WinPath = WshEnv("SystemRoot")&"\System32\runas.exe"
set FSO = CreateObject("Scripting.FileSystemObject")

if FSO.FileExists(winpath) then
'wscript.echo winpath & " " & "verified"
else
wscript.echo "!! ERROR !!" & VBCRLF & "Can't find or verify " &
winpath &"." & VBCRLF & "You must be running Windows 2000 for this
script to work."
set WshShell=Nothing
set WshEnv=Nothing

set FSO=Nothing
wscript.quit
end if

rc=WshShell.Run("runas /user:" & sUser & " " & CHR(34) & sCmd &
CHR(34), 2, FALSE)

Wscript.Sleep 30 'need to give time for window to open.
WshShell.AppActivate(WinPath) 'make sure we grab the right window to
send password to
WshShell.SendKeys sPass 'send the password to the waiting

set WshShell=Nothing
set WshEnv=Nothing
set FSO=Nothing

wscript.quit

but if the user open it whit notepad see the password ^_^
i can encrypt?

my problem is:
1- the must run in administrative mode
2- the user cant see/write the password

tnx,Pietro- Nascondi testo tra virgolette -

- Mostra testo tra virgolette -

i have made a program for change ip...i must run this exe in
administrator mode because the user don have the permission to do ;)

.

Relevant Pages

  • Re: iMAC 21.5-inch: 3.2GHz Core i3 ??
    ... And if you do install ... The initial user account Mac OS X creates during installation is indeed ... normal users for the username and password of an administrator when you ... Could you use an administrative account daily without adverse effects? ...
    (comp.sys.mac.system)
  • Re: auto-login multiple accounts
    ... If you go out of your way to look on the Apple support ... The initial user account Mac OS X creates during installation is indeed ... for the username and password of an administrator when you attempt to do ... Could you use an administrative account daily without adverse effects? ...
    (comp.sys.mac.system)
  • [NEWS] SurgeFTP Administrative Account Can be Easily Brute Forced
    ... SurgeFTP Administrative Account Can be Easily Brute Forced ... This file is used to authenticate an administrator basic HTTP ...
    (Securiteam)
  • RE: Rename Administrator and Guest account
    ... > I found the script below have been working from it; ... > Not needing to look up the "old" administrative account name because this is ... ' as user running the script have administrator rights on it. ... Dim sUserSID, oWshNetwork, oUserAccount ...
    (microsoft.public.windows.server.scripting)
  • Re: higher security for user accounts?
    ... He is probably simply booting into safe mode, and making use of fact that ... vendors leave the password of the built-in Administrator account blank. ... > administrative account, or have the settings locked on only one ...
    (microsoft.public.windowsxp.security_admin)