Can't find the information you are looking for here? Then leave a message over on our WinBatch Tech Support Forum.
Keywords: wntRunAsUser -- security side effects
Here's one question/response:
> Now to the actual question. What affect will granting the "Domain Users" > group the rights -- Act as part of the operating system aka > "SeTcbPrivilege"; Increase quotas aka "SeIncreaseQuotaPrivilege" ; Replace > a process level token aka "SeAssignPrimaryTokenPrivilege" -- have on > security ? This is a tremendously bad idea regardless of whether or not the username and password can be recovered from the executable. Both SeTcbPrivilege and SeIncreaseQuotaPrivilege are very powerful rights that should only be available to the operating system. They should not even be assigned to Administrators. You effectively provide the ability to completely compromise the system by assigning those rights to a user. Everything needed to write the necessary code is available through MSDN. SeIncreaseQuotaPrivilege has no affect in Windows NT 4.0. I don't know about Windows 2000.Looking for other inputs on this.
Also a lot of discussion has been around extracting the user-name/password combination from the compiled file. It looks hard to me but I've omnly peeked into a compiled file & searched for the string that I KNEW was the user-name/password and couldn't find either.
Any thoughts on how secure the user-name/password combination are in side the executable ? would an *.exe be more secure than a *.wbc ?
However the same skills and tools can be used on pretty much any program in any language.
Article ID: W14477
Filename: wntRunAsUser -- Security Side Effects.txt
File Created: 2000:05:30:13:14:44
Last Updated: 2000:05:30:13:14:44