SuRun - SUDO in Windows - Tutorial

Discussion in 'other software & services' started by Mrkvonic, Dec 11, 2008.

Thread Status:
Not open for further replies.
  1. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Dear all,

    First, this tutorial is inspired by tlu's excellent thread, which is by no chance a recommended one:

    https://www.wilderssecurity.com/showthread.php?t=196737

    I decided to write a visual, step-by-step guide to using SuRun, since I think it's a great product. Not only does it implement the sudo principle in Windows, it does that with such flawless and seamless integration.

    SuRun simply works!

    Enjoy:

    http://www.dedoimedo.com/computers/surun.html

    Comments and suggestions are welcome.

    Maybe, we should merge the two threads?

    Cheers,
    Mrk
     
  2. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    Thanks!

    Been wanting to try SuRun, but I was too lazy to go through pages and pages on that thread...:thumb:
     
  3. Reimer

    Reimer Registered Member

    Joined:
    Apr 6, 2008
    Posts:
    217
    Hmm, it's interesting you created an administrator account to install SuRun in.

    By default, you already have an adminstrator account existing. So what I did was create a new account but have it created as a limited account from the start. I then installed SuRun from within my admin account and add the new limited account as a SuRun user from there.

    I'm not sure it actually makes a difference but I would have thought that creating a LUA from scratch would somehow be better than having an adminstrator account be converted into a LUA by SuRun.
     
  4. Murderlove

    Murderlove Registered Member

    Joined:
    Jul 18, 2008
    Posts:
    99
    It is. Because in the thread of tlu, he explains that additional steps need to be taken to get rid of certain adminstrator account aspects in a LUA account if you have converted an adminstrator account into a LUA account.


    Thanks Mrkvonic for the article.
     
  5. MaB69

    MaB69 Registered Member

    Joined:
    Dec 9, 2005
    Posts:
    540
    Location:
    Paris
    Hi,

    Many thanks Mrk for this great tutorial :thumb:

    Regards,

    MaB
     
  6. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    Hey,
    i like the idea and may try it after i have imaged my system.
    just dont want it to stop anything from working.
    would be nice if uac worked like that.
     
  7. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    Excellent tutorial Mrk. Thanks!
     
  8. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    Yeah, this is a great one Mrk, thanks... Next time I'm in XP I am going to use this approach...
     
  9. zopzop

    zopzop Registered Member

    Joined:
    Apr 6, 2006
    Posts:
    632
    @Mrkvonic

    Oh my freaking God! Thank you for this Mrkvonic! :D I can finally use Surun and understand whats going on.

    Tlu tried to put me on to this program but I couldn't make heads or tails out of it so I just dropped it. But now................................. hehe
     
  10. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    VERY NICE!

    Many thanks and more. The way you step by step present it makes more & better sense. Stages perfectly explained and where/what they do :thumb:

    EASTER
     
  11. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Cheers all!
    Thanks you for your feedback.
    Mrk
     
  12. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    I finally, completely get this....thank you :) It's running wonderfully and the best part is I can do what I need to do without the insanity of cryptic, annoying HIPS alerts.
     
  13. colinp

    colinp Registered Member

    Joined:
    Feb 9, 2008
    Posts:
    41
    Yessirie , ever since I happened upon the original SuRun thread and used it and SRP, I have dropped all those convulated FWs and just use a router, AV (free of course) and Kerio 2.15, I have never looked back.
    However, now I'm bored and reading security forums are now getting boring as well;) I may just need to go and really screw things up and try linux again.
     
  14. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    I just intalled it using the "Home Users" settings and everything is working without complaint so far. Maybe I will keep running this way permanantly, :D
     
  15. tlu

    tlu Guest

    Yeah, that there is no official English manual is definitely a problem particularly in view of the numerous changes and improvements in the latest SuRun versions.

    Mrk's tutorial fills this gap very well :thumb:
     
  16. Frank1

    Frank1 Registered Member

    Joined:
    Dec 19, 2008
    Posts:
    17
    Hello,
    The tutorial is great. But, before I install, I have a couple of concerns.
    The first is:
    If the system is setup to receive windows update notifications when updates are downloaded and ready to be installed, how are these updates installed. Usually, I do a custom install so I know what is being installed. How can I do this in my limited user account using surun?
    Thanks
     
  17. tlu

    tlu Guest

    You'll get a notification button in the task bar. Just click it, and the updates will be installed with admin rights.
     
  18. Frank1

    Frank1 Registered Member

    Joined:
    Dec 19, 2008
    Posts:
    17
    Thank you tlu, that's what I was hoping for.
    My second concern is that the tutorial shows creating a user just for SuRun in admin mode and SuRun itself turns to user into a limited user at the end of the installation.

    I already have a limited user account (with all my desktop icons, favorites, start menu entries, task bar entries, etc). I have read in some posts that it is possible to convert this account into an SuRun account, but the tutorial does not specify what extras need to be done.

    How do I convert my existing limited user account into an SuRun account to be used as the limited user account?
    Thanks
     
  19. vhick

    vhick Registered Member

    Joined:
    Jan 21, 2006
    Posts:
    224
    Location:
    Noypi.........
    thanks sir! i get the software how its work...:) keep it up!
     
  20. Reimer

    Reimer Registered Member

    Joined:
    Apr 6, 2008
    Posts:
    217
    All you need to do is go into your admin account and install SuRun from there. Then you configure SuRun and add your limited account into the SuRunners group.

    That's the only thing I think is a little misleading in the tutorial. You don't have to create an administrator account to do this. You create a limited account and if you already have one then you're fine.
     
  21. Frank1

    Frank1 Registered Member

    Joined:
    Dec 19, 2008
    Posts:
    17
    Thank you Reimer.
    Sound simple enough. I will try it out.
    I have 2 machines to install Surun on, so it will take me some time.
    Thank you very much.
     
  22. Frank1

    Frank1 Registered Member

    Joined:
    Dec 19, 2008
    Posts:
    17
    I was wondering, after installing SuRun:
    If malicious software got into my computer while using it in limited user mode, what will stop the malicious software from using SuRun to gain control of the operating system?
    Thanks
     
  23. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    I believe that having to need the password for admin actions would stop the malicious action cold....until your password was compromised. I've since stopped using SuRun and SRP in general because SandboxIE and Returnil will render malicious actions/software useless, but I do believe the password is the key here.
     
  24. Frank1

    Frank1 Registered Member

    Joined:
    Dec 19, 2008
    Posts:
    17
    I agree that requiring the password would prevent malicious software from entering the operating system.

    However, I thought I read somewhere that SuRun can be setup so that certain programs (eg. Windows Explorer) could be launched with admin rights without the need for a password each time.
    If this is correct, why would the malicious software not use that to gain access to the operating system?
     
  25. Frank1

    Frank1 Registered Member

    Joined:
    Dec 19, 2008
    Posts:
    17
    I think I found the answer.
    On the SuRun website (translated) it states that the user can only interact with SuRun via the keyboard or mouse. If I understand the translated English correctly, SuRun has control of the Desktop to do this. Therefore, malicious software cannot make SuRun do anything under program control.
     
Loading...
Thread Status:
Not open for further replies.