Wednesday, June 28, 2006

Sudo for Windows

Sudo for Windows

I have gotten so hooked on sudo under Linux that I have been looking
for an equivalent under Windows.  I was hoping that Vista will have
this ability because Apple does and Microsoft would probably want to
copy Apple but now I’m not sure.

I’m going to install this the next time I run Windows )

For anyone that thinks that runas is good enough, read the full article.  Here a couple of important snips.

The runas command

There seems to be a lot of
confusion about what the Windows runas command. The runas command does
not enable a user to escalate her privileges, it allows the user to
assume the identity of a privileged account, if she knows the
passphrase of that account. For this reason the runas command should be
thought of as an equivalent to the UNIX/Linux command, su.

Sudo for Windows

Enterprise deployment

This is where Sudo for Windows really has an opportunity
to shine. Imagine that you are an Active Directory administrator who
delegates OU management to other administrators. Typically these
administrators have two accounts — one unprivileged, everyday account,
and one privileged account used for system administration. Keeping up
with two accounts is a huge pain for administrators and inevitably
results in most of them staying logged into their computers as the
privileged account.

Instead, use Sudo for Windows. Delegate permissions on OUs to groups
that your OU administrators are not normally members of. Then when they
use Sudo for Windows to launch their MMCs, their privileges are
escalated so that they have access to manage their delegated OUs. This
is a very real example, and since Sudo for Windows comes packaged as a
MSI it can be rolled out to every machine you manage via that wonderful
thing we call Group Policy.

This is just one example, but imagine what you could do! Every
object in Active Directory has permissions. Now, all of a sudden, every
object is more manageable thanks to Sudo for Windows. Sudo for Windows
will create happier administrators and a more secure environment.

Sudo for Windows

This is as easy as Right-clicking on a folder:

Right-clicking on a folder

Typing in your normal user password:

The GUI client

And you are in!

technorati tags:, ,

technorati tags:, , ,

No comments:

Post a Comment