Friday, January 27, 2006
Dreaming of SU in MSH?
(Added on Mar 6th) There is a follow-up post on this topic here.
Shame on myself! I should do more research before posting a blog entry. MoW already had a similar script a couple of months ago.
Want to run an MSH script as another Windows user? You got it now! I am not talking about Runas.exe. It is an MSH script to start a new msh.exe process with a different Windows identity. Just like su.exe in Linux.
###########################################
# File Name: su.msh
# Launch a new msh.exe with someone else's identity
# from tony http://mshforfun.blogspot.com/
###########################################
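# Prompt for the target account; the password is returned as a SecureString
$SuAccount = get-credential
$StartInfo = new-object System.Diagnostics.ProcessStartInfo
$StartInfo.FileName = "msh.exe"
$StartInfo.UserName = $SuAccount.UserName
$StartInfo.Password = $SuAccount.Password
# Load the target user's registry profile (HKEY_CURRENT_USER) for the new shell
$StartInfo.LoadUserProfile = $true
# UseShellExecute must be $false when UserName is set
$StartInfo.UseShellExecute = $false
$StartInfo.WorkingDirectory = (get-location).Path
[System.Diagnostics.Process]::Start($StartInfo)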
Added on 23rd Feb 2006, 08:40
Jeffrey Snover suggested adding the following line:
$StartInfo.Arguments="-noexit -command `$Host.UI.RawUI.WindowTitle=\`"Microsoft Command Shell ($($SuAccount.UserName)) \`""
Added on 23rd Feb 2006, 08:40
Added on 27th Jan 2006, 15:46
In Monad beta3 version, the default behavior of get-credential was changed to "CredUI". "CredUI returns a username with "\" prepended. When passing that to the Process.Start method, it has intermittent difficulty dealing with that form of a username. " --Lee Holmes
To change it back to CLI, run the following script:
new-property HKLM:\SOFTWARE\Microsoft\MSH\1\ShellIds `
-property ConsolePrompting -value "True" -force
See the newsgroup thread here for details. Also check out the ::: MSH ::: blog entry on this issue.
/Added on 27th Jan 2006, 15:46
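An alternative to the registry change, as an added example that is not part of the original post: strip the prepended "\" (or split DOMAIN\user) before handing the name to Process.Start, which needs no write access to HKLM. It is written for Windows PowerShell 2.0 or later; Split-SuUserName is a hypothetical helper name, and powershell.exe stands in for msh.exe.

```powershell
# Added example, not the author's su.msh. Split-SuUserName is a hypothetical helper.
function Split-SuUserName {
    param([Parameter(Mandatory = $true)][string]$UserName)

    $name  = $UserName.Trim()
    $slash = $name.IndexOf('\')
    if ($slash -ge 0) {
        # "\tony"       -> Domain "",       User "tony"
        # "DOMAIN\tony" -> Domain "DOMAIN", User "tony"
        $domain = $name.Substring(0, $slash)
        $user   = $name.Substring($slash + 1)
    } else {
        # Plain "tony" or a UPN such as "tony@example.test": pass through as-is
        $domain = ''
        $user   = $name
    }
    if ([string]::IsNullOrEmpty($user)) { throw "No user name found in '$UserName'" }
    New-Object PSObject -Property @{ Domain = $domain; User = $user }
}

$SuAccount = Get-Credential
$parts     = Split-SuUserName $SuAccount.UserName

$StartInfo = New-Object System.Diagnostics.ProcessStartInfo
$StartInfo.FileName         = 'powershell.exe'      # msh.exe on the Monad builds
$StartInfo.UserName         = $parts.User
if ($parts.Domain) { $StartInfo.Domain = $parts.Domain }
$StartInfo.Password         = $SuAccount.Password   # SecureString, never converted to plain text
$StartInfo.LoadUserProfile  = $true
$StartInfo.UseShellExecute  = $false                # required when UserName is set
$StartInfo.WorkingDirectory = (Get-Location).Path
[System.Diagnostics.Process]::Start($StartInfo) | Out-Null
```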
So if you are a non-privileged user "testac" and you run id.msh:
UserSID= S-1-5-21-xxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-xxx (Domain\testac)
AuthenticationType= NTLM
ImpersonationLevel= None
Token= xxxx
Groups=
GroupSID= S-1-5-21-xxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-xxx (Domain\None)
GroupSID= S-1-1-0 (Everyone)
GroupSID= S-1-5-32-545 (BUILTIN\Users)
GroupSID= S-1-5-4 (NT AUTHORITY\INTERACTIVE)
GroupSID= S-1-5-11 (NT AUTHORITY\Authenticated Users)
GroupSID= S-1-2-0 (LOCAL)
After su to an Administrator user "tony", run id.msh again in the new msh.exe window:
UserSID= S-1-5-21-xxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-xxxx (Domain\tony)
AuthenticationType= MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
ImpersonationLevel= None
Token= xxxx
Groups=
GroupSID= S-1-5-21-xxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-xxx (Domain\None)
GroupSID= S-1-1-0 (Everyone)
GroupSID= S-1-5-32-544 (BUILTIN\Administrators)
GroupSID= S-1-5-32-545 (BUILTIN\Users)
GroupSID= S-1-5-4 (NT AUTHORITY\INTERACTIVE)
GroupSID= S-1-5-11 (NT AUTHORITY\Authenticated Users)
GroupSID= S-1-2-0 (LOCAL)
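The id.msh script itself is not shown in this post. The following added sketch, which is not the author's script, prints the same kind of fields from the current process token so you can confirm which identity and groups a shell really carries; it assumes Windows PowerShell 2.0 or later, uses hypothetical function names, omits the token handle, and adds an IsAdministrator line that is not in the output above.

```powershell
# Added example, not the author's id.msh. Function names are hypothetical.
function Resolve-SidName($Sid) {
    # Translate a SID to DOMAIN\name; keep going if it cannot be mapped.
    try   { $Sid.Translate([System.Security.Principal.NTAccount]).Value }
    catch { '<unresolved>' }
}

function Get-ShellIdentity {
    # Identity of the token this shell process is running under
    $id        = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal($id)
    $adminRole = [System.Security.Principal.WindowsBuiltInRole]::Administrator

    "UserSID= $($id.User.Value) ($(Resolve-SidName $id.User))"
    "AuthenticationType= $($id.AuthenticationType)"
    "ImpersonationLevel= $($id.ImpersonationLevel)"
    "Groups="
    foreach ($g in $id.Groups) {
        "GroupSID= $($g.Value) ($(Resolve-SidName $g))"
    }
    # True only when BUILTIN\Administrators (S-1-5-32-544) is usable in this token
    "IsAdministrator= $($principal.IsInRole($adminRole))"
}

Get-ShellIdentity
```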
Have Fun!
[Edit: Monad has now been renamed to Windows PowerShell. This script or discussion may require slight adjustments before it applies directly to newer builds.]
Tags: msh monad PowerShell
Comments:
No shame I did worse with my imageviewer LOL ;-)
b.t.w. did you see the solution from Marcel Ortiz in the NG,
in the thread : How to impersonate as a different user? (MSH)
that is what I'm using to get a nested prompt at the moment, real cool.
I'm thinking about re-doing it as a cmdlet sometime ;-)
gr /\/\o\/\/
You might consider adding the following line to your SU.MSH script. It will set the window Title so you know who you are running as.
$StartInfo.Arguments="-noexit -command `$Host.UI.RawUI.WindowTitle=\`"Microsoft Command Shell ($($SuAccount.UserName)) \`""
Jeffrey Snover
Monad Architect