Date: Thu, 03 Mar 2005 08:05:48 -0600 From: Greg Barniskis <nalists@scls.lib.wi.us> To: Alec Berryman <alec@thened.net> Cc: freebsd-security@freebsd.org Subject: Re: Renaming root account Message-ID: <422719BC.8060600@scls.lib.wi.us> In-Reply-To: <20050303125702.GA52534@thened.net> References: <4226C4DF.3050806@winbot.co.uk> <1109839352.4804.24.camel@red.nativenerds.com> <4226D0A2.70508@winbot.co.uk> <20050303125702.GA52534@thened.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Alec Berryman wrote: ... > On our networks we have certainly changed the Windows Administrator > account's name, but that's mostly because there's no good way to > remotely log in as an unprivileged user and perform the equivalent of > 'su -'. [1] ... > > > [1] I'm no Windows guru - if there is a way I'd certainly like to know! Alec, see the URL below re: the "runas" cmd line tool and the "Run as..." GUI widgetry (the link is probably wrapped and broken): http://www.microsoft.com/windows2000/en/advanced/help/default.asp?url=/windows2000/en/advanced/help/windows_security_runas.htm?id=767 Sorry to everyone else for bringing the site of the beast into this forum, but this is an important and not well-understood feature of modern Windows (and the question was raised). I like to use runas best on the command line, which I find is most effective with a batch wrapper so I don't have to type in all the syntax. Never tried using it remotely, but I assume it would work. The only thing I don't understand is why MS doesn't trumpet this privilege differentiation feature during the OS installation (like FreeBSD and others do) so that people could be, like, clueful and stuff. I guess it'd lower their demand for paid tech support. ;-) -- Greg Barniskis, Computer Systems Integrator South Central Library System (SCLS) Library Interchange Network (LINK) <gregb at scls.lib.wi.us>, (608) 266-6348
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?422719BC.8060600>