Good tip. Since it is difficult to find any information about this tool on
the Microsoft Web site I thought I'd save some of you the trouble of
searching:
----
Bruce K. Marshall - bruce_marshall (at) ins (dot) com [email concealed] - 913-484-7233
International Network Services (INS) - Kansas City
"The knowledge behind the network."
----- Original Message -----
From: <travis.abrams (at) hklaw (dot) com [email concealed]>
To: <focus-ms (at) securityfocus (dot) com [email concealed]>
Sent: Sunday, June 15, 2003 7:56 PM
Subject: RE: Question regarding su.exe
If you are using Active Directory check out the Elevated Privileges
Application Launcher (EPAL) it is free from MS. You can use OU's and
groups to control access to the app.
-----Original Message-----
From: Ben Collins [mailto:BenCollins (at) gateshead.gov (dot) uk [email concealed]]
Sent: Thursday, June 12, 2003 6:23 AM
To: 'focus-ms (at) securityfocus (dot) com [email concealed]'
Subject: Question regarding su.exe
Hello,
We have an external software supplier who has recently updated their
product. Unfortunately the only way the application will now work
correctly is if the user has Administrative rights. As an organisation
we are reluctant to give these rights to our users. The suppliers have
suggested that we use su.exe.
Is the usage of su.exe susceptible to the same kinds of problems as
running a UNIX application suid? Specifically, if the application
breaks, will the user be left with elevated privileges?
Thanks,
Ben Collins
**********************************************
Important Information
This e-mail constitutes a confidential communication and is subject to
legal privilege. If you have received this e-mail in error, please
notify us immediately. You should not use or copy it for any purpose,
nor disclose it to any other person.
**********************************************
Good tip. Since it is difficult to find any information about this tool on
the Microsoft Web site I thought I'd save some of you the trouble of
searching:
http://www.microsoft.com/downloads/details.aspx?FamilyID=cf3cc921-9b8e-4
266-a905-2e2a20217ce0&DisplayLang=en
----
Bruce K. Marshall - bruce_marshall (at) ins (dot) com [email concealed] - 913-484-7233
International Network Services (INS) - Kansas City
"The knowledge behind the network."
----- Original Message -----
From: <travis.abrams (at) hklaw (dot) com [email concealed]>
To: <focus-ms (at) securityfocus (dot) com [email concealed]>
Sent: Sunday, June 15, 2003 7:56 PM
Subject: RE: Question regarding su.exe
If you are using Active Directory check out the Elevated Privileges
Application Launcher (EPAL) it is free from MS. You can use OU's and
groups to control access to the app.
=========================
Travis Abrams MCSE
=========================
-----Original Message-----
From: Ben Collins [mailto:BenCollins (at) gateshead.gov (dot) uk [email concealed]]
Sent: Thursday, June 12, 2003 6:23 AM
To: 'focus-ms (at) securityfocus (dot) com [email concealed]'
Subject: Question regarding su.exe
Hello,
We have an external software supplier who has recently updated their
product. Unfortunately the only way the application will now work
correctly is if the user has Administrative rights. As an organisation
we are reluctant to give these rights to our users. The suppliers have
suggested that we use su.exe.
Is the usage of su.exe susceptible to the same kinds of problems as
running a UNIX application suid? Specifically, if the application
breaks, will the user be left with elevated privileges?
Thanks,
Ben Collins
**********************************************
Important Information
This e-mail constitutes a confidential communication and is subject to
legal privilege. If you have received this e-mail in error, please
notify us immediately. You should not use or copy it for any purpose,
nor disclose it to any other person.
**********************************************
------------------------------------------------------------------------
-----
------------------------------------------------------------------------
------
------------------------------------------------------------------------
----
-
------------------------------------------------------------------------
----
--
------------------------------------------------------------------------
-----
------------------------------------------------------------------------
------
[ reply ]