I have gotten so hooked on sudo under Linux that I have been looking
for an equivalent under Windows. I was hoping that Vista will have
this ability because Apple does and Microsoft would probably want to
copy Apple but now I’m not sure.
I’m going to install this the next time I run Windows
For anyone that thinks that runas is good enough, read the full article. Here a couple of important snips.
The runas command
There seems to be a lot of
confusion about what the Windows runas command. The runas command does
not enable a user to escalate her privileges, it allows the user to
assume the identity of a privileged account, if she knows the
passphrase of that account. For this reason the runas command should be
thought of as an equivalent to the UNIX/Linux command, su.
Enterprise deployment
This is where Sudo for Windows really has an opportunity
to shine. Imagine that you are an Active Directory administrator who
delegates OU management to other administrators. Typically these
administrators have two accounts — one unprivileged, everyday account,
and one privileged account used for system administration. Keeping up
with two accounts is a huge pain for administrators and inevitably
results in most of them staying logged into their computers as the
privileged account.Instead, use Sudo for Windows. Delegate permissions on OUs to groups
that your OU administrators are not normally members of. Then when they
use Sudo for Windows to launch their MMCs, their privileges are
escalated so that they have access to manage their delegated OUs. This
is a very real example, and since Sudo for Windows comes packaged as a
MSI it can be rolled out to every machine you manage via that wonderful
thing we call Group Policy.This is just one example, but imagine what you could do! Every
object in Active Directory has permissions. Now, all of a sudden, every
object is more manageable thanks to Sudo for Windows. Sudo for Windows
will create happier administrators and a more secure environment.
This is as easy as Right-clicking on a folder:
Typing in your normal user password:
And you are in!
technorati tags:Sudo, Vista, mmc
No comments:
Post a Comment