Sudo, and the equivalents I've seen, allow for a configurable password
separate from the admin password, and allow you (the admin) to configure
pretty specifically what commands/services can be accessed at what levels.

The problem I see here is on MS products, once you are running and
configuring IIS, you pretty much have the keys to the kingdom (thank you,
Bill!)

dcdave
----- Original Message -----
From: "Michael Leone" <turgonmike-leone.com>
To: "Gustavo Basualdo" <guasamanhotmail.com>; <focus-mssecurityfocus.com>
Sent: Monday, June 18, 2001 1:26 PM
Subject: Re: sudo for windows

>
> ----- Original Message -----
> From: "Gustavo Basualdo" <guasamanhotmail.com>
> To: <focus-mssecurityfocus.com>
> Sent: Friday, June 15, 2001 7:25 PM
> Subject: sudo for windows
>
>
> > I need the equivalent of UX sudo utility for Windows meaining what i
want
> to
> > do is give a standard user the ability to run an application (i.e. IIS)
as
> > an administrator without having to enter the admin password account to
do
> so
> > (thats why runas or RKit su.exe wont work).
>
> I've never seen a sudo implementation (on Linux, anyway) that did NOT ask
> for the admin password. Consider - if it doesn't ask for the admin
password,
> that's the same as the admin having NO password, since anyone can be
admin,
> with no password.
>
> Do you want them to run an APPLICATION or a SERVICE? IIS is a service, not
> an app.
>
>
>
>

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]