[windows2000] FW: Security UPDATE-- Two Security Add-ons--August 11, 2004

• From: "Jim Kenzig http://thin.net" <jimkenz@xxxxxxxxxxxxxx>
• To: windows2000@xxxxxxxxxxxxx
• Date: Wed, 11 Aug 2004 10:51:12 -0400

Good tips for elevating to Admin priviledges from Windows .Net magazine
security newsletter.
JK

1. In Focus: Two Security Add-ons


==== Sponsor: Free Download! New Sitekeeper(R) 3.1 ====
   Keeping track of your software licenses and staying up-to-date with
the latest patches is a pain -- especially if you have to do it
manually. But unless you stay on top of licenses and patches, you're
opening your site up to legal action and security breaches. *** NEW
Sitekeeper 3.1 is the simple, affordable way to automate your systems
management. Sitekeeper handles hardware and software inventories,
license compliance reports and software/patch installation with just a
few clicks of your mouse. No special training or dedicated hardware
neededin fact, you can start managing within minutes of installation.
It's systems management software -- simplified!
   Try Sitekeeper FREEclick on
   http://list.winnetmag.com/cgi-bin3/DM/y/eg2J0CHwLr0CBw0BKQZ0A5

====================

==== 1. In Focus: Two Security Add-ons ====
   by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

If you typically log on to your system by using a regular user
account, you probably sometimes need to have Power User or
Administrator privileges in the domain to perform necessary actions.
Sometimes gaining the required privileges can be cumbersome, depending
on your needs. You can accomplish the temporary elevation of
privileges by using the RunAs command manually, but there's a much
quicker way.

Aaron Margosis wrote a useful add-on command script for Windows that
can help you with running applications in a higher security context.
His script MakeMeAdmin automates the process of using the RunAs
command to elevate your privileges. The script performs three actions:
Adds your current user account to the local Administrators group,
launches a command shell and any other application you want to run,
then removes your account from the local Administrators group.

You can read an explanation of scenarios in which MakeMeAdmin might
come in handy at Margosis's Web log (blog) at the first URL below. You
can download a copy of MakeMeAdmin (in a .zip file) at the second URL
below. The .zip file also contains a second script, MakeMePU, which
elevates your privileges to the Power Users group instead of the
Administrators group.
   http://blogs.msdn.com/aaron_margosis/archive/2004/07/24/193721.aspx
   http://www.speakeasy.org/~aaronmar/NonAdmin/MakeMeAdmin.zip

Another useful tool developed by Margosis is PrivBar for Windows
Explorer and Microsoft Internet Explorer (IE). PrivBar helps you see
what security context a particular instance of Windows Explorer or IE
is running under. When you install PrivBar, a toolbar is added to both
those applications. The toolbar displays the domain and username as
well as the group that the account belongs to. The toolbar is
color-coded to grab your attention when you run an instance under a
highly privileged account, such as an account in the Administrators
group.

According to Margosis, "PrivBar shows you roughly what your privilege
level is by checking the current process' token for membership in
Administrators, Power Users, Users, or Guests. The circle on the bar
will be red if you are in Administrators, yellow if you are Power
User, green otherwise. If you are an admin, the bar's background will
be yellow. Finally, if that instance is running with a restricted
token (e.g., by using the RunAs dialog's "protect my computer" option,
...), the circle will be green with a red line through it. (...
PrivBar uses the CheckTokenMembership API, so yes, it properly takes
into account disabled or deny-only SIDs.)" You can read about the tool
and see screen shots of it at the first URL below and download it at
the second URL.
   http://blogs.msdn.com/aaron_margosis/archive/2004/07/24/195350.aspx
   http://www.speakeasy.org/~aaronmar/NonAdmin/PrivBar.zip

If you're a developer interested in the CheckTokenMembership API, you
can learn more about it at the Microsoft Developer Network (MSDN) Web
site.

http://msdn.microsoft.com/library/en-us/secauthz/security/checktokenmembersh
ip.asp

=
Windows & .NET Magazine, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2004, Penton Media, Inc. All rights reserved.


********************************************************
This Weeks Sponsor StressedPuppy.com Games
Feeling stressed out? Check out our games to
relieve your stress.
http://www.StressedPuppy.com
********************************************************
To Unsubscribe, set digest or vacation
mode or view archives use the below link.

http://thethin.net/win2000list.cfm

Other related posts:

• » [windows2000] FW: Security UPDATE-- Two Security Add-ons--August 11, 2004

1. Home
2. windows2000
3. Archive
4. 08-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---