Trying to survive on standard or limited user acount

[mirado.kelly]

I have recently been forced to take a closer look at system security after recovering from a malware infection and potential rootkit. It is well known to not run as Administrator but rather a lesser privledged standard user acount. I have XP SP2 and have just finished changeing my acount from admin to standard, and renameing the admin acount. I have noticed that with this limitation I cannot even make changes to my network connections.

Is there a known way for me to edit network connections, without haveing to logout and back in as admin?

Also I changed the login to require CTRL ALT DEL as sugested on many security sites, but how is this suposed to enhance system security?

[sec_ware]

Hi

I would like to point out two issues:


ctrl-alt-del and the "trusted path"

Imagine that you approach a pc somewhere. The typical
login-screen is visible. You enter your username and
password, done - you are logged on. But can you be sure
that you indeed have used the "original" login-screen and
not a fake-login-program started by the previous user of that
particular pc in order to capture your credentials?

On a windows system, if you press ctrl-alt-del, the task
manager would appear if a "usual" fake-login-program is
running, rather than the login/password box. If there is a
non-interceptable mechanism (like ctrl-alt-del), we are
talking about a trusted path. There are a few conditions
and assumptions here, but this is the main idea.



run commands under administrator privileges

The key word here is "runas"[2]. I am not sure what
you mean by "edit network connections", but the runas
command should allow you whatever you want to.

As an alternative you might right-click an executable
(or create a shortcut to an executable) and alter the
credentials under which the executable will be started.


Cheers


[1] http://support.microsoft.com/default...en-us%3B555476
[2] http://www.microsoft.com/resources/d...-us/runas.mspx

[mirado.kelly]

Thanks, that explains very well the question reguarding ctrl alt del, now I completely understand.

As for my main question, how to edit network conections, what i mean by this is, Control Pannel> Network Connections> Right click and properties on a Local Area connection

Sorry I had not made my question clear. In case of this, I have tryed the Right click but runas isnt an option for Network Connections.

Ok so I found a batch file MakeMeAdmin.cmd that prompts me for the admin password and opens a cmd prompt with admin privleges. So then I discover that control netconnections opens up the Network connections window. And I thought great, but then i right click on a connection and properties and once again I get the notice that apears on a limited acount.

Oh well.

[mirado.kelly]

Ok I have discovered that I can access the Network Connections with almost admin privledges by adding myself to the "Network Configuration Operators" group, and this solves my problem.

Now I can quickly change DNS servers whenever I need to without hassle.

Thanks again. Your explanation on the ctrl alt del was clear. I wounder though if there is a way to install a hook that would intercept ctrl alt del sequence, I will leave that for another learning project, for now all my questions are answered.

[sec_ware]

Hi

for example dns

I would not increase the rights of your default user.
Furthermore, it is not needed.
To change the DNS server configuration of a particular
interface, here called "Local Area Connection":

Code:

>runas /user:administrator netsh
netsh>interface ip
netsh interface ip>add dns "Local Area Connection" 123.234.345.456 1

Have a look at the netsh documentation[1].

ctrl-alt-del trapping

On 2000 and XPSP1 it was possible to trap ctrl-alt-del[2], never tested
never editions. However, in order to do so you need privileges, a
standard user does not have. In any case, once someone got
administrator or SYSTEM privileges, he could try to install a kernel-mode
rootkit - as you know Trapping ctrl-alt-del may then not longer be
needed.



Cheers


[1] http://www.microsoft.com/resources/d...sh_int_ip.mspx
[2] http://www.codeproject.com/system/preventclose.asp

[mirado.kelly]

Many thanks, you are very helpfull. Im just now checking out the netsh method and looking up the documentation and resources. I apreciate your help.

[UPDATE]I have now found the documentation for netsh, and am now sucessfull in adding and removeing dns addresses to my LAN conection. I have now removed myself from the Network Operators group and am back to the lesser privledged Standard User (Power User) acount[/UPDATE]

[geepod]

i have just recently posted a thread concerning this actually.

There are many complicated ways to do this, howeer simple tried and truted method is to do the following.

Go to the programs menu and find Internet explorer or use the one on the quick launch menu.

Right click and choose runas.

Use whatever admin accouht information you have.

Then this will run internet explorer with admin privelege.

IN the address bar just type control panel.

This will open control panel with admin privelege which you can then use for any task you like./

there are tons of articels on the net about using cmd under admin then using the .cpl files to do admin tasks but you need to remember the filenames etc. I prefer to do this as it gives access to everything for as long as you need it.

hope this helps

[mirado.kelly]

Very interesting, I had known about using IE as a file browser and Explorer as a Internet Browser but never realy thought of this. I just did some searching for runas and found a bun ch of replacements. Now ill have to experiment with all these new ideas. But at least now I can survive in a standard user acount which was my goal.

Many thanks everyone.

I will ad that although I had been told time and time again never to run as admin unless you need those extra privledges, I never listened. For 3 years ive been running as admin and now to change all this is a new learning experince but with everyones help i now have the tools I need, thanks.