Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Fast Switch Batch File USER>ADMIN>USER


  • Please log in to reply
3 replies to this topic

#1 sired

sired

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:07:27 AM

Posted 26 February 2010 - 11:49 PM

Hi everyone.

Testing Limited User in XP for some extra measure of protection I believe is worth using.

Later SuRun may be an option though I hear the learning curve is steep, no time right now, & ... step by step. SunRun may be overkill, not sure yet.

At these initial test stages frequent switches USER>ADMIN>USER are necessary to tweak Security Restrictions to USERS from within Administrator. Plus, also testing SHADOW DEFENDER virtual disk whose controls can only accessed from Admin.

To speed the process somewhat I placed shortcuts in both Admin & User Quick Launch

ADMIN
Desktop>RtClk>New>Shortcut >Browse>select C:\WINDOWS\system32\tsdiscon.exe>Next>Rename>Assign shortcut key>OK

Choose suitable icon & place in Quick Launch, repeat in USER.

So ... the buttons are one step to a faster more convenient switch USER>ADMIN>USER routine. Simplifying passwords speeds things further.


Next step, if possible, if some kind fellow would assist, is to extend this routine to a batch file including appropriate PASSWORDS enable Quick Launch buttons to complete the switch process USER>ADMIN / ADMIN>USER without intervention.

All advices very much appreciated

Thanks for reading ...

Edited by sired, 26 February 2010 - 11:55 PM.


BC AdBot (Login to Remove)

 


#2 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:05:27 AM

Posted 27 February 2010 - 12:26 PM

Let me get this straight -- you want to change the currently logged on user to the window station using a batch file?

If so, you're not going to be able to do it. You'd have to patch Windows itself to allow that because you would have to "hack" Winlogon.exe to allow it. And while this might be possible to do with a sufficiently complicated program, you'd need to be using a real programming language to do it -- not a batch file. And it'd probably be several thousand lines. And It'd probably break every time winlogon got replaced by windows update......

With fast user switching you should be able to switch in 3 clicks anyway even without your batch .... I'm really wondering if all this effort is worth it. The batch drops it to two clicks but ....

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#3 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,259 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:05:27 AM

Posted 27 February 2010 - 01:22 PM

Just my $0.02 here, and this may not be what you're looking for but it's a neat little app: There's a program called DropMyRights. What it does is alter the security token for a given program so that even if the user is logged is as an Admin, the program runs with a lower privilege level. This is ideal for running vulnerable programs such as e-mail clients and web browsers.

Conversely, there's a batch script called MakeMeAdmin that can allow a non-admin user temporary Admin rights, provided you have the Admin password.

#4 projectfocus

projectfocus

  • Members
  • 474 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Brighton
  • Local time:01:27 PM

Posted 02 March 2010 - 10:32 AM

you also can add the runas command in a batch file to increase the level to a specific user account. You can also add a password to this but I would not recomend it as this is hard coded int the batch file. If this is used to run a lower level account with specified details then this is not an issue but it is if you are raising to an administrator account. I will look for the syntax for you. I have used this is in the path and it will off you to enter a password then load the program.
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users