Several days ago, I blogged about the free tool Steel Run As. It allows standard users to run a program with administrator rights. Since then, I came across two other tools that serve the same purpose. One is the free command line tool CPAU, recommended by Andrew in my earlier post. The other is RUNASSPC (RUNAS + PASSWORD + ENCRYPTION) which is only free for personal use. Prices range between 20 and 200 Euros, depending on the number of computers you have in your network. While playing with RUNASSPC, I learned something new about Steel Run As, which simplifies its usage under Vista if UAC is enabled.
I assumed that it is necessary to avoid a UAC prompt if someone with standard user rights runs a program that requires admin rights. For this reason, I included the elevate command in the batch script, in my example that allows standard users to change the TCP/IP settings.
However, it is also possible to elevate the batch script by using the Powertoys elevate tool as the command to execute, and the batch script as its parameter (see screenshot). This will trigger a UAC prompt, but the user doesn't need the administrator password to proceed, which is usually required when someone with standard rights launches a program that needs admin privileges. This works with Steel Run As and RUNASSPC. I also tried it with CPAU, but its password encoding feature doesn't seem to work properly in Vista.
Note: Only the checksum of the elevate command will be verified; you have to make sure that end users don't have the right to modify the batch script. Anyone who can edit the file will be able to execute any program with administrator rights.
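One way to check the condition in the note above is to audit the ACL of the batch script and of its folder. The PowerShell below is an added example, not part of the original post or of any of the tools discussed; the default script path and the list of trusted SIDs are assumptions to adjust for your environment.

```powershell
# Added example: list principals who could alter a script that is launched elevated.
# The default path is a hypothetical placeholder; pass your own batch file.
param([string]$ScriptPath = 'C:\AdminTools\set-ip.cmd')

# Rights that allow changing, replacing or re-permissioning a file or folder entry,
# plus the GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) bits.
$rights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$mask = [int]$rights -bor 0x50000000

# Well-known SIDs that are expected to hold write access (assumed trust list).
$trusted = @(
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # NT SERVICE\TrustedInstaller
)
$sidType = [System.Security.Principal.SecurityIdentifier]

function Get-UntrustedWriter {
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    # The owner can always rewrite the DACL, so an untrusted owner is a finding.
    $owner = $acl.GetOwner($sidType).Value
    if ($trusted -notcontains $owner) {
        [pscustomobject]@{ Path = $Path; Sid = $owner; Reason = 'Owner' }
    }
    # Work with SIDs so localized or renamed groups are still matched.
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        # Inherit-only entries on a folder do not apply to the folder itself.
        if (([int]$rule.PropagationFlags -band 2) -ne 0) { continue }
        if ($trusted -contains $rule.IdentityReference.Value) { continue }
        $hit = [int]$rule.FileSystemRights -band $mask
        if ($hit -ne 0) {
            [pscustomobject]@{ Path = $Path; Sid = $rule.IdentityReference.Value
                               Reason = $rule.FileSystemRights }
        }
    }
}

# Check the script and its folder: write access to the folder allows replacing the file.
$findings = @(Get-UntrustedWriter $ScriptPath) +
            @(Get-UntrustedWriter (Split-Path -Parent $ScriptPath))
if ($findings.Count) { $findings | Format-Table -AutoSize }
else { 'No untrusted principal can modify the script or its folder.' }
```

Deny entries are ignored, so the report errs on the side of listing a principal; any row for Users, Authenticated Users or an individual standard account means the script can be swapped for arbitrary commands.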
RUNASSPC and Steel Run As are quite similar tools. The difference is that RUNASSPC creates an encrypted, non-executable file which contains the administrator password. To let a standard user run a program with admin rights, you must start the program on the command prompt, using the encrypted file as a parameter. You can create a shortcut if you want to launch the program from the desktop.
RUNASSPC has a few more options than Steel Run As, such as logon with and without profile (see screenshot). I am unsure if this justifies its price. CPAU offers even more options. However, besides the fact that it has problems with Vista, its disadvantage is that the author admits that CPAU's proprietary encoding algorithm might not be secure. RUNASSPC, on the other hand, uses the Rijndael AES 256-bit encryption method, which should be secure enough. I also contacted Steelsonic, the publisher of Steel Run As, to find out how their tool secures the password; unfortunately, they didn't respond. Hence, RUNASSPC may be the best choice; at least you know the admin password is safe.
I only recommend using these tools if there is no other way to get the job done. Even if the tool of your choice is secure, storing the administrator password in a file is always risky. Making a mistake might compromise your whole network. One way to lower the risk is to use an account that has just enough privileges for the task.
This is very good…
http://www.quimeras.com/Products/displayproduct.asp?IdProduct=4
Regards
Andrew, thanks. Looks interesting.
hi
about RunasSpc – I had a security analyst check the software and he found it uses a simple substitution cipher, not AES or anything special.
I also did not see any mention of what security they use.
As a result I will probably opt for:
Encrypted Runas
http://www.wingnutsoftware.com/
Thanks for the tip!
Hi There,
I came across this review about Run-As while surfing the net casually. I would like to add that Steel Run-As uses RC4 encryption with PRG (pseudo random seed) for encrypting the authentication parameters in the executable.
Thanks and regards,
Senthil
Regarding the solution I mentioned, http://www.quimeras.com/Products/displayproduct.asp?IdProduct=4, they rarely answer requests for support after you’ve purchased the product, very frustrating!
It doesn’t matter what type of encryption is used, any half-intelligent hacker can extract the password anyway. So they should all change “secure” to “obfuscated”.
Thank you for your work to publish this information.
I remember one tool that itself ran as administrator, and all the user environment was under your control, and the user had user rights. Then, when an application needed to run under administrator privileges, the tool could be configured to run it.
I’m at this moment looking for it.
Regards
hi, we have downloaded Steel Run As and see that we can do any installation. But after a while, the program is NOT FOR FREE – !
Here is what I’ve done to add RunasSPC as a (right click) .exe ext handler – works perfectly
I placed the EXE file in the “PATH” \windows\system32 directory
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\exefile\shell\RunasSPC]
[HKEY_CLASSES_ROOT\exefile\shell\RunasSPC\command]
@="runasspc.exe /program:\"%1\" /domain:\"localhost\" /user:\"administrator\" /password:\"\" /quiet"
Also it works in application Properties – “Target” shortcut
C:\WINDOWS\system32\runasspc.exe /program:"<Path to Program.exe>" /domain:"localhost" /user:"administrator" /password:"<administrator password here>" /quiet
runasspc is really a great simple solution, free
and is running on Windows 7
thanks a lot
These types of programs do *not* protect the credentials used, because they must ultimately call the Windows API and pass the decrypted credentials. Non-admin users can easily capture this information:
http://micksmix.wordpress.com/2013/03/20/capturing-credentials-from-encrypted-runas-software/
Thanks for the Useful post. Not freeware though.. good tool for a 15$ bargain…