Good tips for elevating to Admin priviledges from Windows .Net magazine security newsletter. JK 1. In Focus: Two Security Add-ons ==== Sponsor: Free Download! New Sitekeeper(R) 3.1 ==== Keeping track of your software licenses and staying up-to-date with the latest patches is a pain -- especially if you have to do it manually. But unless you stay on top of licenses and patches, you're opening your site up to legal action and security breaches. *** NEW Sitekeeper 3.1 is the simple, affordable way to automate your systems management. Sitekeeper handles hardware and software inventories, license compliance reports and software/patch installation with just a few clicks of your mouse. No special training or dedicated hardware neededin fact, you can start managing within minutes of installation. It's systems management software -- simplified! Try Sitekeeper FREEclick on http://list.winnetmag.com/cgi-bin3/DM/y/eg2J0CHwLr0CBw0BKQZ0A5 ==================== ==== 1. In Focus: Two Security Add-ons ==== by Mark Joseph Edwards, News Editor, mark at ntsecurity / net If you typically log on to your system by using a regular user account, you probably sometimes need to have Power User or Administrator privileges in the domain to perform necessary actions. Sometimes gaining the required privileges can be cumbersome, depending on your needs. You can accomplish the temporary elevation of privileges by using the RunAs command manually, but there's a much quicker way. Aaron Margosis wrote a useful add-on command script for Windows that can help you with running applications in a higher security context. His script MakeMeAdmin automates the process of using the RunAs command to elevate your privileges. The script performs three actions: Adds your current user account to the local Administrators group, launches a command shell and any other application you want to run, then removes your account from the local Administrators group. You can read an explanation of scenarios in which MakeMeAdmin might come in handy at Margosis's Web log (blog) at the first URL below. You can download a copy of MakeMeAdmin (in a .zip file) at the second URL below. The .zip file also contains a second script, MakeMePU, which elevates your privileges to the Power Users group instead of the Administrators group. http://blogs.msdn.com/aaron_margosis/archive/2004/07/24/193721.aspx http://www.speakeasy.org/~aaronmar/NonAdmin/MakeMeAdmin.zip Another useful tool developed by Margosis is PrivBar for Windows Explorer and Microsoft Internet Explorer (IE). PrivBar helps you see what security context a particular instance of Windows Explorer or IE is running under. When you install PrivBar, a toolbar is added to both those applications. The toolbar displays the domain and username as well as the group that the account belongs to. The toolbar is color-coded to grab your attention when you run an instance under a highly privileged account, such as an account in the Administrators group. According to Margosis, "PrivBar shows you roughly what your privilege level is by checking the current process' token for membership in Administrators, Power Users, Users, or Guests. The circle on the bar will be red if you are in Administrators, yellow if you are Power User, green otherwise. If you are an admin, the bar's background will be yellow. Finally, if that instance is running with a restricted token (e.g., by using the RunAs dialog's "protect my computer" option, ...), the circle will be green with a red line through it. (... PrivBar uses the CheckTokenMembership API, so yes, it properly takes into account disabled or deny-only SIDs.)" You can read about the tool and see screen shots of it at the first URL below and download it at the second URL. http://blogs.msdn.com/aaron_margosis/archive/2004/07/24/195350.aspx http://www.speakeasy.org/~aaronmar/NonAdmin/PrivBar.zip If you're a developer interested in the CheckTokenMembership API, you can learn more about it at the Microsoft Developer Network (MSDN) Web site. http://msdn.microsoft.com/library/en-us/secauthz/security/checktokenmembersh ip.asp = Windows & .NET Magazine, a division of Penton Media, Inc. 221 East 29th Street, Loveland, CO 80538 Attention: Customer Service Department Copyright 2004, Penton Media, Inc. All rights reserved. ******************************************************** This Weeks Sponsor StressedPuppy.com Games Feeling stressed out? Check out our games to relieve your stress. http://www.StressedPuppy.com ******************************************************** To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm