programming4us
programming4us
DESKTOP

Windows Server 2008 Server Core : Working with Scripts - Impersonating a User with the RunAs Utility, Changing the Environment

- How To Install Windows Server 2012 On VirtualBox
- How To Bypass Torrent Connection Blocking By Your ISP
- How To Install Actual Facebook App On Kindle Fire
11/12/2012 2:52:05 AM

1. Impersonating a User with the RunAs Utility

It's important to set security on your machine to prevent outside sources, especially those from email or Web sites, to run scripts on your machine. Of course, setting security to prevent others from executing virus-laden code also tends to keep your scripts from running—at least with the credentials of the current user. The RunAs utility provides a way for you to have great security and still allow script execution too. You use this utility to run a particular application with credentials other than those used by the current user. This utility uses the following syntax:

RUNAS [ [/noprofile | /profile] [/env] [/netonly] ] /user:<UserName> program
RUNAS [ [/noprofile | /profile] [/env] [/netonly] ] /smartcard
    [/user:<UserName>] program

The following list describes each of the command line arguments.


/noprofile

Specifies that you don't want to load the RunAs user's profile when running the application. The benefit of using this setting is that the application loads more quickly. In addition, this setting acts as a safety feature because the application you want to run is less likely to corrupt the RunAs user's settings. However, using this feature can prevent some applications from running, especially when they rely on settings in the user profile to perform certain tasks.


/profile

Specifies that you want to load the RunAs user's profile when running the application. This is the default setting.


/env

Specifies that you want to use the current environment, instead of the RunAs user's environment, to run the application. This feature is useful when the local environment differs from the environment that the RunAs user normally relies on to run applications.


/netonly

Specifies the credentials supplied for the RunAs user apply to remote access only.


/savecred

Uses the credentials previously saved by the RunAs user, rather than obtaining a new copy of the credentials.


/smartcard

Specifies that the RunAs user credentials appear on a smart card.


/user:
UserName

Specifies the username. You must supply the username in one of two forms, User@Domain or Domain\User.


program

Specifies the application you want to run as well as any command line switches the application requires to run.

2. Changing the Environment

Server Core provides the means to control the user's environment with greater accuracy through command line utilities. You can define whether the user can install applications, enable or disable session logons, and modify port configurations. The Change utility is the most powerful of the three because you can use it to perform any of these tasks. The remaining three utilities provide subsets of the Change functionality. The following sections describe these environment-changing utilities.

2.1. Changing Logons, Ports, and Users with the Change Utility

The Change utility helps you control the user's ability to install applications, enable or disable session logons, and control ports. You could consider each of these actions a specific utility mode, but the utility is quite simple, so this section describes all three tasks. This utility uses the following syntax:

CHANGE USER {/EXECUTE | /INSTALL | /QUERY}
CHANGE LOGON {/QUERY | /ENABLE | /DISABLE}
CHANGE PORT [portx=porty | /D portx | /QUERY]

The following list describes each of the command line arguments.


USER {/EXECUTE {Enable | Disable} | /INSTALL {Enable | Disable} | /QUERY}

Specifies whether the user has execute or install privileges. Follow the privilege with the word enable to enable the privilege or disable to disable the privilege. Use the /Query command line switch to determine the user's current capabilities.


LOGON {/QUERY | /ENABLE | /DISABLE}

Determines whether Server Core enables or disables session logons. The /Query command line switch displays the current session logon status.


PORT [portx=porty | /D portx | /QUERY]

Redefines the port configuration. You can assign a port to a particular device. Use the /D command line switch to remove the port assignment. The /Query command line switch displays the current port assignments.

2.2. Enabling or Disabling Session Logons with the ChgLogon Utility

Use the ChgLogon utility to enable or disable session logons. This utility uses the following syntax:

CHGLOGON {/QUERY | /ENABLE | /DISABLE}

2.3. Listing COM Port Mappings Using the ChgPort Utility

The ChgPort utility controls port assignments on the current system. This utility uses the following syntax:

CHANGE PORT [portx=porty | /D portx | /QUERY]

2.4. Modifying the Install Mode with the ChgUsr Utility

The ChgUsr utility controls the user's execute and install privileges on the system. This utility uses the following syntax:

CHGUSR {/EXECUTE | /INSTALL | /QUERY}
Other  
  •  Switching to Microsoft Windows 7 : Migrating Applications and Data to a New Windows 7 Computer (part 2)
    •
  •  Switching to Microsoft Windows 7 : Migrating Applications and Data to a New Windows 7 Computer (part 1)
    •
  •  Switching to Microsoft Windows 7 : Migrating Data on a Single Computer
    •
  •  The Download Directory - November 2012 (Part 3) - Multiplicity 2.0, LastPass Password Manager 2.0.0
    •
  •  The Download Directory - November 2012 (Part 2) - UltraVNC 1.1.0.0 Beta, Firefox 16 Beta 3, BlueScreenView 1.45 Description: BlueScreenView
    •
  •  The Download Directory - November 2012 (Part 1) - USB Disk Security 6.2, WindowBlinds 7.4
    •
  •  Windows Vista : Migrating User State Data - Developing Migration Files, Using USMT in BDD 2007
    •
  •  Windows 7 : Sharing Resources on a Network - Using Public Folders, Identifying Shared Folders, Sharing a Printer
    •
  •  Windows 7 : Sharing Resources on a Network - Windows 7 Homegroups
    •
  •  Windows Vista : Windows PowerShell (part 2) - PowerShell Variables, PowerShell Scripts, Automate Scripts with the Task Scheduler
    •
     
    Top 10
    - Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
    - Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
    - Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
    - Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
    - Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
    - Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
    - Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
    - Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
    - Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
    - Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
    REVIEW
    - First look: Apple Watch

    - 3 Tips for Maintaining Your Cell Phone Battery (part 1)

    - 3 Tips for Maintaining Your Cell Phone Battery (part 2)
    programming4us programming4us
    programming4us
     
    		 
    		programming4us