- Bearbeitet
Hello,
First of all, this is my first post in these forums but I've been a SuRun user since the first beta of 1.2.0.9 version. Thanks Kay for this very good piece of software!
And now the question ;-) I have a BAT file (StartCMDAdmin.bat) with the following content:
Well, I'm trying to do this "on demand" (i.e. the user asks for having access to this BAT file) putting this file in a network share protected by ACL's. For example, imagine the user has mapped a share (net use t: \\server\share) and the BAT file is in t:\Tools.
Then I define T:\Tools\StartCMDAdmin.bat (SuRun complains "the command line doesn't seem to work") but if the user executes it, it starts a cmd.exe with normal privileges. Why?
If I create a second BAT file in C:\Tools (for example, StartConsole.bat) with the following content:
I suppose the first problem is something related with this second one.
Any idea about how to solve this? About how to have SuRun raise the privileges for files located in a network share? (I'm trying to do this because I can control access to these tools using AD groups in a more dynamic mode than modifying SuRun settings locally for an user, one by one).
Thank you very much.
Manel Rodero
PS: One more thing. The execution of the CMD from inside of the BAT file as admin only works if I check the option "create a hook in all processes ...". Why? Because the CMD is not using the user interface for starting the CMD? But, I've found that marking this option has some "problems" like SuRun trying to execute as admin some other proccesses not in the list (like the addition of a new driver when connecting a Nokia phone) ...
First of all, this is my first post in these forums but I've been a SuRun user since the first beta of 1.2.0.9 version. Thanks Kay for this very good piece of software!
And now the question ;-) I have a BAT file (StartCMDAdmin.bat) with the following content:
@echo off
start c:\windows\system32\cmd.exe /t:17
Well, I'm trying to do this "on demand" (i.e. the user asks for having access to this BAT file) putting this file in a network share protected by ACL's. For example, imagine the user has mapped a share (net use t: \\server\share) and the BAT file is in t:\Tools.
Then I define T:\Tools\StartCMDAdmin.bat (SuRun complains "the command line doesn't seem to work") but if the user executes it, it starts a cmd.exe with normal privileges. Why?
If I create a second BAT file in C:\Tools (for example, StartConsole.bat) with the following content:
@echo off
start t:\tools\console.exe
I suppose the first problem is something related with this second one.
Any idea about how to solve this? About how to have SuRun raise the privileges for files located in a network share? (I'm trying to do this because I can control access to these tools using AD groups in a more dynamic mode than modifying SuRun settings locally for an user, one by one).
Thank you very much.
Manel Rodero
PS: One more thing. The execution of the CMD from inside of the BAT file as admin only works if I check the option "create a hook in all processes ...". Why? Because the CMD is not using the user interface for starting the CMD? But, I've found that marking this option has some "problems" like SuRun trying to execute as admin some other proccesses not in the list (like the addition of a new driver when connecting a Nokia phone) ...