'Runas'에 해당되는 글 2건

  1. 2010.08.28 PsExec, RunAs Tools (1)
  2. 2010.04.11 Runas 이용한 관리자 권한으로 프로그램 실행
2010.08.28 09:21

PsExec, RunAs Tools

PsExec (part of PsTools - download PsExec)

Execute a command-line process on a remote machine.

Syntax
      psexec \\computer[,computer[,..] [options] command [arguments]

      psexec @run_file [options] command [arguments]

Options:

   computer   The computer on which psexec will run command. Default = local system 
              To run against all computers in the current domain enter "\\*"
               
   @run_file  Run command on every computer listed in the text file specified.

   command    Name of the program to execute

   arguments  Arguments to pass (file paths must be absolute paths on the target system)

   -a n,n,... Set processor affinity to n. Processors are numbered as 1,2,3,4 etc
              so to run the application on CPU 2 and CPU 4, enter: "-a 2,4"

   -c         Copy the program (command)to the remote system for execution.
   -c -f      Copy even if the file already exists on the remote system.
   -c -v      Copy only if the file is a higher version or is newer than the remote copy.

   If you omit the -c option then the application must be in the system path on the remote system.

   -d         Don't wait for the application to terminate.
              Only use for non-interactive applications.

   -e         Load the user account's profile, don't use with the system account (-s)

   -i         Interactive - Run the program so that it interacts with the desktop on the remote system.

   -l         Limited - Run process as limited user. Only allow privs assigned to the Users group.

   -n s       Specify a timeout s seconds for connecting to the remote computer.

   -p psswd   Specify a password for user (optional). Passed as clear text.
              If omitted, you will be prompted to enter a hidden password.

   -s         Run remote process in the System account.

   -u user    Specify a user name for login to remote computer(optional).

   -w directory Set the working directory of the process (relative to the remote computer).

   -x         Display the UI on the Winlogon desktop (local system only).

  -low, -belownormal, -abovenormal, -high or -realtime
              These options will run the process at a different priority.

Psexec can also be used to start GUI applications, but in that case the GUI will appear on the remote machine.

Input is passed to the remote system when you press the enter key - typing Ctrl-C will terminate the remote process.

When you specify a username the remote process will execute in that account, and will have access to that account's network resources.

If you omit username the remote process will run in the same account from which you execute PsExec, but because the remote process is impersonating it will not have access to network resources on the remote system.

PsExec does not require you to be an administrator of the local filesystem this can allow UserA to run commands as UserB - a Runas replacement.

Surround any long filenames "with quotation marks"

Examples:


Launch an interactive command prompt on \\workstation64:

psexec \\workstation64 cmd

Execute IpConfig on the remote system, and display the output locally:

psexec \\workstation64 ipconfig /all

Copy the program test.exe to the remote system and execute it interactively:

psexec \\workstation64 -c test.exe

Execute a program that is already installed on the remote system:

psexec \\workstation64 "c:\Program Files\test.exe"

Run Internet Explorer on the local machine but with limited-user privileges:

psexec -l -d "c:\program files\internet explorer\iexplore.exe"


RUNAS

Execute a program under a different user account.

Syntax
      RUNAS [/profile] [/env] [/netonly] /user:user Program

Key
   /profile   Option to load the user's profile (registry)
   /env       Use current environment instead of user's.
   /netonly   Use the credentials specified only for remote connections.
   /user      Username in form USER@DOMAIN or DOMAIN\USER
              (USER@DOMAIN is not compatible with /netonly)
   Program    The command to execute

Enter the password when prompted.

When you start a program with RunAs /netonly, the program will execute on your local computer as the user you are currently logged on as, but any connections to other computers on the network will be made using the user account specified.

Without /netonly everything will run under the user account specified.

RunAs from Windows Explorer
Select an executable file, Shift-Right-click and select Run As..
This option can be hidden by setting
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HideRunAsVerb=1

ErrorLevel
The error level (%ERRORLEVEL%) returned by RunAs in Windows XP and above: success=0, failure=1

Examples

   Runas /user:SCOT_DOMAIN\jDoe "mycommand.exe"

   Runas /profile /user:mymachine\administrator CMD

   Runas /profile /env /user:SCOT_DOMAIN\administrator NOTEPAD

   Runas /env /user:jDoe@swest.ss64.com "NOTEPAD \"my file.txt\""

RunAs Reqires the "Secondary Logon" service to be running.

“He who reigns within himself, and rules passions, desires, and fears, is more than a king” - Milton


Trackback 1 Comment 1
  1. Favicon of https://blog.pages.kr 날으는물고기 2010.08.28 09:23 신고 address edit & del reply

    go to run > type "psexec -sid cmd.exe" > in cmd type "services.msc"

2010.04.11 18:17

Runas 이용한 관리자 권한으로 프로그램 실행

> 주제 : Runas를 이용하여 일반계정에서 관리자 권한 실행하기 

*개요

 - runas를 이용하면 서버로 직접 로그인 하지 않아도, Client에서 관리자 권한으로 관리 도구를 사용할 수 있다.
 - runas를 이용하면 여러가지 프로그램을 원하는 계정으로 실행할 수 있다.(관리도구나 메모장 등)
 - 실습을 위해 S1과 S2 서버가 구동되어 있어야 한다.

*학습 목표

 - runas 실행 방법 익히기
 - 문제발생시 해결


# runas를 이용하여 관리도구의 'Active Directory 사용자 및 컴퓨터'를 실행해 보자

 1. CMD창에서 'runas'의 사용법을 훑어보자.(시작 -> 실행 -> CMD -> runas /? 입력후 엔터)

 

*참고

 RUNAS [ [/noprofile | /profile] [/env] [/netonly] ] /user:<UserName> 프로그램
 : 명령어의 대괄호 안의 옵션은 생략 가능하지만, /user 부분은 반드시 입력해야 실행이 가능하다.

  

2. runas를 이용하여 XP1의 관리자계정으로 Active Directory 사용자 및 컴퓨터 프로그램을 실행해봤지만, 도메인 관리자 권한을 가진 사용자로 로그온을 하라는 경고 메시지가 나온다.

 

3. 경고메시지 확인후 프로그램은 실행되지만, 도메인 정보는 표시되지 않는다.

 

4. CMD창에 아까와는 다르게 S1(서버1)의 itstar.vm 도메인의 관리자계정을 입력해 주면, 프로그램이 실행되고 도메인 정보도 표시된다.

 

5. 이번에는 S2의 자식 도메인인 child.itstar.vm의 관리자계정으로 해주어도 실행된다.

 

6. 3개의 계정으로 실행되어진 'Active directory 사용자 및 컴퓨터' 결과를 확인해 보자.



출처 : http://www.cyworld.com/namacoel

Trackback 0 Comment 0