O'Reilly Hacks
oreilly.comO'Reilly NetworkSafari BookshelfConferences Sign In/My Account | View Cart   
Book List Learning Lab PDFs O'Reilly Gear Newsletters Press Room Jobs  

 
Search
Hacks Site
• List of Titles
• Got a Hack?
• Suggestion Box
Resource Centers
Bioinformatics
C/C++
Databases
Digital Media
Enterprise Development
Game Development
Java
Linux/Unix
Macintosh/OS X
.NET
Open Source
Oracle
Perl
Python
Scripting
Security
Software Development
SysAdmin/Networking
Web
Web Services
Windows
Wireless
XML
Book Series
Annoyances
CD Bookshelves
Cookbooks
Developer's Notebooks
Hacks
Head First
In A Nutshell
Missing Manuals
Pocket References
Personal Trainer
Technology & Society
Publishing Partners
Mandriva
No Starch Press
Paraglyph Press
PC Publishing
Pragmatic Bookshelf
SitePoint
Syngress Publishing
Online Publications
LinuxDevCenter.com
MacDevCenter.com
ONJava.com
ONLamp.com
OpenP2P.com
Perl.com
WebServices.XML.com
WindowsDevCenter.com
XML.com
Special Interest
Beta Chapters
Events
From the Editors List
Letters
MAKE
Open Books
tim.oreilly.com
Special Sales
Academic
Corporate Services
Government
Inside O'Reilly
About O'Reilly
Bookstores
Contact Us
International
Register Your Book
User Groups
Writing for O'Reilly

WINDOWS HACK

Offset windows and Gain Admin (Must have admin creditental)
Tired of logging out to get that file you need on the administrators side maybe a special script to run administrative tasks on the users desktop. Do you want all of your programs to run as admin without switching the pass on the DC or local account (here is how!)

Contributed by: Unknown User anonymous2
[03/16/04 | Discuss (1) | Link to this hack]

this hack involves using the windows shell to gain access to the admin desktop. It is actually quite simple to do and is about the same in usefullness as the--SU command running linux/unix. To do so all you need is the admin password for a local or a domain wide account. first enter the command line by executing a shell command or is you are like me and have replaced the process explorer (task manager with another program like CMD) then hit the secure attention sequence. 

 
C:\%USERPROFILE%\ > taskkill /f /IM:explorer.exe
you should have killed the desktop application, now your background should just be showing. now enter the all mighty su command from the command line prompt that you have created in the process. 
C:\%USERPROFILE%\ > runass /env /profile /user:<administrator account> "<program name"
change the administrator accoutn and the program name to the appropriate user format using Machine/User or account@FQDN. for the sake of simplicity i will use admin. 
C:\USERPROFILE%\ > runas /env /profile /user:admin@somedomain.com "explorer.exe"
once you hit the return or enter key you screen should feeze stdin and ask for a password enter your password and behold your process has joined the ranks of administrative process with all full privlages and other things avaliable to you. Go ahead run that regedit scriplet to do your non-evil bidding and enjoy the fact that you also have access to your documents that you need.

O'Reilly Home | Privacy Policy

© 2007 O'Reilly Media, Inc.
Website: | Customer Service: | Book issues:

All trademarks and registered trademarks appearing on oreilly.com are the property of their respective owners.