runas的替代品CPAU使用
runas替代软件CPAU
在windows系统下,想要实现某个程序不论何时都以指定的用户身份登录,因此找到了CPAU这个软件
cpau官方网站:https://www.joeware.net/freetools/tools/cpau/index.htm
File: CPAU.exe
Size: 555520 bytes
File Version: 1.11.0.376
Modified: 2005年11月8日, 23:23:38
MD5: 7100F979B8516B8C1AE6FF858435626E
SHA1: C6A596B10BC8FD05F8A13859FEF8B2CF7A9360E7
CRC32: DD9BD789
用user身份运行WpfApp1
CPAU -u user -p password -ex WpfApp1.exe -lwp
注意1:当前用户administrator,测试发现,如果将CPAU放到桌面上,执行上述命令时会报错目录名无效,原因不知,将CPAU放到C:\windows 或 d:\下均不再报此错误,原因未知
cpau -u user -p password -ex "d:\WpfApp1.exe" -enc -file WpfApp1.txt
cpau -dec -file WpfApp1.txt -lwp
注意2:当前用户administrator,测试发现WpfApp1.txt放在当前用户administrator目录下,执行cpau -dec -file WpfApp1.txt -lwp命令的时候,会报错目录名无效,原因不知
其实还有其他替代品的比如:lsrunase,不过我没测试过,等以后用到了再补充进来
附CPAU导出的说明
Usage:
CPAU -u user [-p password] -ex "WhatToRun" [switches]
user User to log on as. Ex: user or domain\user
password User's password
WhatToRun What to execute
Switches: (designated by - or /)
-profile Do local logon with profile instead of net logon
-localwithprofile Alias for -profile
-lwp Alias for -profile
-localwithoutprofile Local logon but do not load profile.
-lwop Alias for -localwithoutprofile
-k Prefix command with cmd /k to leave window open
-c Prefix command with cmd /c to close window after exec.
-pipepwd Special method allows you to pipe password in
-enc Encrypt a job file for later user
-dec Use an ecrypted job file
-file Specify job file to execute or create
-wait Wait for process completion before returning.
-outprocexit Used with -wait, the errorlevel variable has the
exit code of the spawned process instead of cpau.
-cwd x Start at working directory x.
-hide Start the new process in a hidden state.
-title x Allow you specify title of command prompt windows.
-crc file[,file,file] This option allows you to encode
CRC info for files in the job file. When decoded
the CRC have to match or the program bombs. Note that
it will not chase paths looking for the file, you must
specify the exact path.
-nowarn Don't output warning about network logon.
Ex1:
cpau -u joehome\joe -p logon -ex "perl cleanup.pl" -lwp
Runs perl script cleanup.pl as joehomejoe
Ex2:
cpau -u joehome\joe -p logon -ex "perl cleanup.pl" -enc -file cleanup.job
Creates job file called cleanup.job to run perl script cleanup.pl as joehomejoe
Ex3:
cpau -dec -file cleanup.job -lwp
Execute job file cleanup.job
Ex4:
cpau -u joehome\joe -p logon -ex "perl cleanup.pl" -wait -lwp
Runs perl script cleanup.pl as joehomejoe and waits for process to end
Ex5:
cpau -u joe -p logon -ex notepad.exe -lwp
Runs notepad as user joe
Ex6:
cpau -u joehome\joe -p logon -ex logonscript.cmd -lwp
Runs logon script in current directory as user joe (see note below)
Ex7:
cpau -u joehome\joe -p logon -ex logonscript.cmd -lwp -cwd c:\temp
Runs logon script in/from c:\temp as user joe (see note below)
Ex8:
cpau -u joe -p logon -ex logonscript.cmd -enc -file logon.job -crc logonscript.cmd
Encodes logon.job file and CRC protects the batch file
Notes:
I had to add some protection to this app. It seems people were running this with
a networked drive for the current working directory. Microsoft prevents cross-
security context access of network drives on purpose, this causes CPAU
to not be able to fire the process up. To correct for that, if CPAU realizes
your current working directory is a network drive it will change the CWD to the
default local path (usually c:\windows\system32). To override this functionality
you must specify the CWD option, note that if you set it to a network
drive you most likely will not function properly. Also note that this is
not a bug in CPAU, this is purposeful functionality from MS. You can see this
out of anything that changes your local security context.
If you are using this for a logon script or something else where
you need the permissions to take affect locally, you need to specify the
-lwp (or -profile) switch. By default the process spawned has the current
user's security context locally and the new security context remotely. Also
keep in mind the note above concerning network drives, logon scripts run from
network drives, you will need to set the CWD to a local machine
(c:\temp maybe) and copy whatever files are necessary locally and then run cpau.
As of Version 1.08.00 I have added the ability to insert environment variables
into the job file. Normally env vars get converted into their values
on the machine encoding the job file, I have made it so you can escape
these so they will get decoded on the machine that runs the job file.
To do this, on the command line when building the job file specify the
environment variable like {%{env-var}%} instead of like %env-var%. So
for instance if you wanted SystemRoot you would specify {%{SystemRoot}%}.
This only works for items that are part of the -EX parameter.
As of Version 1.08.00 I have also added additional protection around the CRC
option. When you add CRC files to the job file, cpau will mark the file in
such a way that no version prior to 1.08.00 will be able to use the job file.
This is to prevent someone from taking a 1.08.00 or better job file with CRCs
and use an older version of CPAU to avoid the CRCs.
As of Version 1.08.00 I have also added the feature to display the encoded
information when creating the job file. This should help reduce the questions
I am getting on why a certain job file doesn't work. Often what people specify
isn't encoded in the way they think, especially around env vars.
As of Version 1.11.00 the -lwop option was added which allows a local logon without
loading the user's profile. This may cause odd responses in some programs. If
you experience issues, use -lwp to load the user's profile to see if that works.
As of Version 1.11.00 I am specifically disallowing use from LocalSystem. This is
something that works on older OS versions but doesn't work on XP SP2 and K3 and
the inconsistency was causing a lot of support issues. The primary intent of this
application is to allow interactive logons to switch security context for specific
processes, not crutch unattended applications working for web apps and from the
task scheduler.
This software is Freeware. Use it as you wish at your own risk.
If you have improvement ideas, bugs, or just wish to say Hi, I
receive email 24x7 and read it in a semi-regular timeframe.
You can usually find me at joe@joeware.net
runas的替代品CPAU使用的更多相关文章
- runas/cpau/lsrunase使用小结(以管理员运行指定程序)
企业环境中,为了安全起见一般都没有赋予域用户或者企业的PC客户端用户管理员权限. 但偶尔会有个别的程序一定需要管理员身份才能执行,如财务某些程序或专业的应用程序.那么如何不赋予用户管理员权限及密码但又 ...
- Atitit rss没落以及替代品在线阅读器
Atitit rss没落以及替代品在线阅读器 1.1. 对RSS的疯狂追逐,在2005年达到了一个高峰.1 1.2. Rss的问题,支持支rss,不支持url1 1.3. ,博客受到社交网络的冲击.s ...
- 【解决方案】cvc-complex-type.2.4.a: Invalid content was found starting with element 'init-param'. One of '{"http://java.sun.com/xml/ns/javaee":run-as, "http://java.sun.com/xml/ns/javaee":security-role-r
[JAVA错误] cvc-complex-type.2.4.a: Invalid content was found starting with element 'init-param'. One o ...
- 安卓v7支持包下的ListView替代品————RecyclerView
RecyclerView这个控件也出来很久了,相信大家也学习的差不多了,如果还没学习的,或许我可以带领大家体验一把这个艺术般的控件. 项目已经同步至github:https://github.com/ ...
- nancy中视图呈现 Html.Partial(RenderPage的替代品)
在mvc中有RenderPage 用来呈现其他视图的内容,而在nancy中没有RenderPage.怎么办呢? mvc中RenderPage的替代品,就是 Html.Partial. 使用方式 @Ht ...
- 寻找Fragment的替代品的尝试
自从Android在3.0推出Fragment之后,现在很多应用的设计都是建立在Fragment的基础上,像是多个tab切换这种需求,就可以使用Fragment,并且Fragment提供了一系列生命周 ...
- Runas命令:能让域用户/普通User用户以管理员身份运行指定程序。
注:本文由Colin撰写,版权所有!转载请注明原文地址,谢谢合作! 在某些情况下,为了安全起见,大部分公司都会使用域控制器或只会给员工电脑user的用户权限,这样做能大大提高安全性和可控性,但由此也带 ...
- 菜鸟-手把手教你把Acegi应用到实际项目中(12)-Run-As认证服务
有这样一些场合,系统用户必须以其他角色身份去操作某些资源.例如,用户A要访问资源B,而用户A拥有的角色为AUTH_USER,资源B访问的角色必须为AUTH_RUN_AS_DATE,那么此时就必须使用户 ...
- 有直接运行的runas命令,XP就有
net user administrator /active:yes runas /user:ComputerName\Administrator /savecred “C:\Path\To\Prog ...
随机推荐
- Javascript中forEach的异步问题
某天尝试了下在 forEach函数中调用 await Promise() 方法,如下: var arr = [1,2,3] arr.forEach(async (v,i,a)=>{ await ...
- python实现网页登录时的rsa加密流程
对某些网站的登录包进行抓包时发现,客户端对用户名进行了加密,然后传给服务器进行校验. 使用chrome调试功能断点调试,发现网站用javascript对用户名做了rsa加密. 为了实现网站的自动登录, ...
- IDEA 导出可执行jar包【转载】
1,在项目上鼠标右键 --> Open Module Settings,或者[shift+ctrl+alt+s] 2, Artifacts --> + --> JAR --> ...
- phpRedis函数使用总结【分类详细】
<?php /*1.Connection*/ $redis = new Redis(); $redis->connect('127.0.0.1',6379,1);//短链接,本地host, ...
- DMVPN基础配置
DMVPN基础拓扑: 配置步骤: 1. 基本IP地址配置实现网络可达 2. 配置GRE多点隧道(mGRE)和NHRP(下一跳解析协议) 3. 配置EIGRP路由协议 4. 配置 ...
- Update(Stage4):Spark原理_运行过程_高级特性
如何判断宽窄依赖: =================================== 6. Spark 底层逻辑 导读 从部署图了解 Spark 部署了什么, 有什么组件运行在集群中 通过对 W ...
- RPC远程服务调用
RPC远程服务调用: RPC 的全称是 Remote Procedure Call 是一种进程间通信方式. 它允许程序调用另一个地址空间(通常是共享网络的另一台机器上)的过程或函数,而不用程序员显式编 ...
- inode节点使用率过大处理
当发现某个分区下的inode使用率过大时,需要找到该分区下的某些目录里有哪些文件可以清理. 查找某个目录下一个月或两个月之前的文件,然后删除# find . -type f -mtime +30 |w ...
- String方法阅读笔记
String类常用方法 1.int Length(): 参数:无 返回值:调用此方法的字符串的长度(int) 实例: public class Test { public static void ma ...
- SpringBoot实现restuful风格的CRUD
restuful风格: 百度百科: RESTFUL是一种网络应用程序的设计风格和开发方式,基于HTTP,可以使用XML格式定义或JSON格式定义.RESTFUL适用于移动互联网厂商作为业务使能接口的场 ...