From owner-freebsd-security@FreeBSD.ORG Thu Mar 3 14:06:38 2005 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 53CC816A4CE for ; Thu, 3 Mar 2005 14:06:38 +0000 (GMT) Received: from mail.scls.lib.wi.us (mail.scls.lib.wi.us [198.150.40.25]) by mx1.FreeBSD.org (Postfix) with ESMTP id CD4E643D54 for ; Thu, 3 Mar 2005 14:06:37 +0000 (GMT) (envelope-from nalists@scls.lib.wi.us) Received: from [172.26.2.238] ([172.26.2.238]) by mail.scls.lib.wi.us (8.12.9p2/8.12.9) with ESMTP id j23E6akA057927; Thu, 3 Mar 2005 08:06:36 -0600 (CST) (envelope-from nalists@scls.lib.wi.us) Message-ID: <422719BC.8060600@scls.lib.wi.us> Date: Thu, 03 Mar 2005 08:05:48 -0600 From: Greg Barniskis User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Alec Berryman References: <4226C4DF.3050806@winbot.co.uk> <1109839352.4804.24.camel@red.nativenerds.com> <4226D0A2.70508@winbot.co.uk> <20050303125702.GA52534@thened.net> In-Reply-To: <20050303125702.GA52534@thened.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit cc: freebsd-security@freebsd.org Subject: Re: Renaming root account X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Mar 2005 14:06:38 -0000 Alec Berryman wrote: ... > On our networks we have certainly changed the Windows Administrator > account's name, but that's mostly because there's no good way to > remotely log in as an unprivileged user and perform the equivalent of > 'su -'. [1] ... > > > [1] I'm no Windows guru - if there is a way I'd certainly like to know! Alec, see the URL below re: the "runas" cmd line tool and the "Run as..." GUI widgetry (the link is probably wrapped and broken): http://www.microsoft.com/windows2000/en/advanced/help/default.asp?url=/windows2000/en/advanced/help/windows_security_runas.htm?id=767 Sorry to everyone else for bringing the site of the beast into this forum, but this is an important and not well-understood feature of modern Windows (and the question was raised). I like to use runas best on the command line, which I find is most effective with a batch wrapper so I don't have to type in all the syntax. Never tried using it remotely, but I assume it would work. The only thing I don't understand is why MS doesn't trumpet this privilege differentiation feature during the OS installation (like FreeBSD and others do) so that people could be, like, clueful and stuff. I guess it'd lower their demand for paid tech support. ;-) -- Greg Barniskis, Computer Systems Integrator South Central Library System (SCLS) Library Interchange Network (LINK) , (608) 266-6348