so i was at work the other day trying to get some software i was writing to work in vista and i discovered the idiocy of the new "administrator" class.
in vista and xp the default user is of the class "administrator". in xp administrator is the top class, there is another class called "SYSTEM" which is basically the same as administrator as well and is used for things like services. then there is another class called "power user" which is fairly like the other 2, just you cant do things like modify files and settings that only have admin or system privilege. obviously this makes sense since if you say had system services running which commonly run under the "SYSTEM" permission. system and admin are root. in vista though, "administrators" are the same as xp power users it seems, just they are still called administrators. pretty stupid eh? you also cant make xp style admins unless you have group policy editor snap ins (which you wont have if you have home editions!). there is possibly another really odd way to make an admin i read about online but its very "jump through 50 hoops" to do it style.
so here is how you super easily defeat this idiotic scheme. if you are a programmer, you make a windows service. you write an installer using say install shield or even the visual studio setup wizard to install said windows service. msiexec is the setup service and is SYSTEM priviledge. oddly a "admin" which is power user can click usually some setup file which is usually a user privilege item. it in turn calls the "Windows Installer" service (msiexec.exe) and it will load its msi script into msiexec and whtaever is in the msi will run under SYSTEM priviledge. so basically you can promote anything the msi will run to system level from admin anyway.
now... depending on how complicated you want to be you could write the installer to just do a custom action to open a command box or something thus giving you full system access. OR you could say write a service that performs in the background that runs with full system privileges also to do whatever you want. it honestly makes no sense to me how you can promote things to basically root like this, just because msi automatically seem to be treated as trusted things. for example if you were clever you could write a windows service that did nothing but say log keystrokes and send things off. and the funny thing is you could probably even set the permissions so that the service could not be deleted by the logged in user (since the service could be made SYSTEM only and the logged in uesr being just a power user cant do anything though an antispyware program if it had a def for it could probably see it and usually has a system privilege service too to be able to do things like quarantine these things) and would auto restart itself if anyone ever stopped it. i would assume its only a matter of time before some more clever spyware people do this. at least in xp most users are real admins so this would actually be harder to get away with.
now, getting the thing installed would mean someone would have to actually click yes on the uac crap, or have turned uac off . but other than that really its pretty stupid. i actually was writing a windows service with an msi based installer so i verified this works haha.
in vista and xp the default user is of the class "administrator". in xp administrator is the top class, there is another class called "SYSTEM" which is basically the same as administrator as well and is used for things like services. then there is another class called "power user" which is fairly like the other 2, just you cant do things like modify files and settings that only have admin or system privilege. obviously this makes sense since if you say had system services running which commonly run under the "SYSTEM" permission. system and admin are root. in vista though, "administrators" are the same as xp power users it seems, just they are still called administrators. pretty stupid eh? you also cant make xp style admins unless you have group policy editor snap ins (which you wont have if you have home editions!). there is possibly another really odd way to make an admin i read about online but its very "jump through 50 hoops" to do it style.
so here is how you super easily defeat this idiotic scheme. if you are a programmer, you make a windows service. you write an installer using say install shield or even the visual studio setup wizard to install said windows service. msiexec is the setup service and is SYSTEM priviledge. oddly a "admin" which is power user can click usually some setup file which is usually a user privilege item. it in turn calls the "Windows Installer" service (msiexec.exe) and it will load its msi script into msiexec and whtaever is in the msi will run under SYSTEM priviledge. so basically you can promote anything the msi will run to system level from admin anyway.
now... depending on how complicated you want to be you could write the installer to just do a custom action to open a command box or something thus giving you full system access. OR you could say write a service that performs in the background that runs with full system privileges also to do whatever you want. it honestly makes no sense to me how you can promote things to basically root like this, just because msi automatically seem to be treated as trusted things. for example if you were clever you could write a windows service that did nothing but say log keystrokes and send things off. and the funny thing is you could probably even set the permissions so that the service could not be deleted by the logged in user (since the service could be made SYSTEM only and the logged in uesr being just a power user cant do anything though an antispyware program if it had a def for it could probably see it and usually has a system privilege service too to be able to do things like quarantine these things) and would auto restart itself if anyone ever stopped it. i would assume its only a matter of time before some more clever spyware people do this. at least in xp most users are real admins so this would actually be harder to get away with.
now, getting the thing installed would mean someone would have to actually click yes on the uac crap, or have turned uac off . but other than that really its pretty stupid. i actually was writing a windows service with an msi based installer so i verified this works haha.
Facebook
Twitter