CPAU utility


Basically this is a runas replacement. Also allows you to create job files and encode the id, password, and command line in a file so it can be used by normal users.

Now there is one fun thing that people don't seem to get the hang of with network credentials. When you establish them, the password is NOT verified until you try to connect to something. So you can type in any password you want and it will fire up the process for you. When you go to touch the remote resource is when you will catch the error if you typed the password wrong, keep that in mind, it is important. Note that the program isn't broken, that is how it HAS to work.

Another thing that confused people is security of network drives. When you spawn a process in another security context, you lose access to your current network drives. This is a security function Microsoft has been implementing. It wasn't the case in Windows NT and I know of no way to help you get it re-enabled because you can't. You should use UNC's as much as possible for connecting to remote file shares.

One function that people kept asking for that I eventually added was the ability to encode the userid, password, and command line to be executed in an encrypted file. I have done that but instead of dealing with the massive issues in making encryption work well for everyone I have set up a proprietary encoding algorithm that seriously obfuscates the information in the encoded file. Again, this is NOT strong encryption. This tool is too cheap for me to go through the hassle of dealing with people having encryption issues. I will say that the encoding is pretty decent but I have no doubt that someone who was seriously interesting in cracking it certainly could given enough time. On the positive side there is a large use of random numbers in the encoded file and the same command with the same ID and password will not generate the same encoded file two times. This makes it much tougher to crack the file.

Along with the encoding option there is a crc option that will allow you to generate CRCs for the files and store those in the encoded file as well. If the CRC check fails, the job file will not execute.

The format of encoded file is a simple text format so if you want to copy and paste it or email it to someone, you will be able to do so without hassle.

My number one email with CPAU is about people trying to use it to run logon scripts and it not supposedly switching the context of the user to the admin context. The answer is always, use the -profile switch. My next most common email is people doing things with spaces in the paths and not properly using quotes. If something doesn't work right, use -profile and use quotes before trying to contact me. Note that if you are using job files, you specify the - profile on the command line when you decode the job file, not when you encode it.


Comment List
Related Discussions