Hi Mike,

Thank you. I did get some ideas from those that hit me up off the list. I had three recommendations.

Danilo recommended EncryptedRunAS software from http://www.wingnutsoftware.com/

Ty recommended a product from Avecto called Privilege Guard that his company is using with great results.

Craig recommended a third option, but it may be the same concept as using a shortcut to the 'runas /user:computername\administrator /savecred "Path To Executable"' command. Craig was going to double check when he had time.

I haven't been able to download and do any testing yet, but I really appreciate all the recommendations!

On Tue, Jun 18, 2013 at 9:53 AM, Mike Perez <[email protected]> wrote:

> As luck would have it, I'm in the Windows Security class with Jason
> Fossen. I'll ask him if he has any specific recommendations.
>
> Did you get any feedback from the list yet? If so, please share!
>
> Thanks,
> Mike
>
>
> On Sun, Jun 16, 2013 at 10:25 PM, Michael Salmon <[email protected]> wrote:
>
>> Hi guys,
>> Got a question I'd like to get some advice on. I support a Windows 7
>> environment and we stripped the users of admin rights, however there are
>> some applications that still require admin rights to run.
>> For one user I tried setting him up with a 2nd account w/ admin rights so
>> he could Run As the program with it but he figured out that it works for
>> any software and abused it (yeah, I know.. big surprise). Another option
>> I've looked into is creating a shortcut to the program that uses the runas
>> /savecred for the default admin account to launch the program but then any
>> malicious program (or smart user) can launch most executables by using the
>> runas /savecred without needing to enter the admin password. While I do
>> believe this is still better than always running as admin, it's not the
>> best option.
>> How do others in their environments handle these situations?
>> One option that has been brought up is granting users admin rights and
>> using a white list software to prevent launching any programs that aren't
>> approved. I'm not sure how easy these are to work around or maintain as I
>> haven't tested any whitelisting software yet.
>>
>> Thanks guys!
>> BTW, PDC guys/girls did a great job hosting and presenting at Security-B
>> sides in RI! I had a great time, and a thank you to Mike Perez who provided
>> some great info for security noobs like me :)
>>
>> - Michael Salmon
>>
>> _______________________________________________
>> Pauldotcom mailing list
>> [email protected]
>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>> Main Web Site: http://pauldotcom.com
>
> --
> Mike Perez
> Executive Producer, PaulDotCom Security Weekly
>
> PaulDotCom Enterprises
> Web: http://pauldotcom.com
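
An added example, not part of the original thread: a PowerShell audit for the `runas /savecred` pattern discussed above. It lists saved interactive credentials from `cmdkey /list` text and finds shortcuts that call `runas` with `/savecred`. The function names, the scanned folders and the sample output are assumptions, and the parser expects English-language `cmdkey` output.

```powershell
# Added example, not from the thread. Names, folders and sample text are assumptions.

# Parse `cmdkey /list` text and return the saved interactive-logon entries,
# the kind of entry `runas /savecred` leaves in Credential Manager.
# Assumes English-language cmdkey output ("Target:" / "User:" labels).
function Get-SavedInteractiveCredential {
    param([string[]]$CmdkeyOutput)
    $target = $null
    foreach ($line in $CmdkeyOutput) {
        if ($line -match '^\s*Target:\s*(.+?)\s*$') {
            $target = $Matches[1]
        } elseif ($target -and $line -match '^\s*User:\s*(.+?)\s*$') {
            # -like leaves $Matches untouched, so the captured user survives
            if ($target -like '*interactive=*') {
                [pscustomobject]@{ Target = $target; User = $Matches[1] }
            }
            $target = $null
        }
    }
}

# Find shortcuts whose target is runas.exe with /savecred in the arguments.
function Find-SaveCredShortcut {
    param([string[]]$Path = @("$env:PUBLIC\Desktop", "$env:USERPROFILE\Desktop"))
    $shell = New-Object -ComObject WScript.Shell
    Get-ChildItem -Path $Path -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $lnk = $shell.CreateShortcut($_.FullName)
            if ($lnk.TargetPath -match 'runas(\.exe)?$' -and $lnk.Arguments -match '/savecred') {
                [pscustomobject]@{ Shortcut = $_.FullName; Arguments = $lnk.Arguments }
            }
        }
}

# Constructed sample of cmdkey output, so the parser can be tried offline.
$sample = @(
    'Currently stored credentials:', '',
    '    Target: Domain:interactive=WKS01\administrator',
    '    Type: Domain Password',
    '    User: WKS01\administrator', '',
    '    Target: LegacyGeneric:target=fileserver',
    '    Type: Generic',
    '    User: svc_backup'
)
Get-SavedInteractiveCredential -CmdkeyOutput $sample

# On a live Windows host:
# Get-SavedInteractiveCredential -CmdkeyOutput (cmdkey /list)
# Find-SaveCredShortcut
```

Run it in the affected user's session, since saved credentials are stored per user; an entry that should not be there can be removed with `cmdkey /delete:<target>`.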
