41
edits
Changes
Created page with '[http://sourceforge.net/projects/sudowin/ Sudowin] is an implementation of [http://en.wikipedia.org/wiki/Sudo sudo] for Microsoft Windows.<br> <br> Documentation on the Sourcefor…'
[http://sourceforge.net/projects/sudowin/ Sudowin] is an implementation of [http://en.wikipedia.org/wiki/Sudo sudo] for Microsoft Windows.<br>
<br>
Documentation on the Sourceforge page is non-existent however it can be found in PDF format [http://www.sans.org/reading_room/whitepapers/bestprac/1726.php here]<br>
<br>
Whilst many users find RUNAS works for them I find it problematic and Sudowin is much better for providing high needs users with a way to perform actions with escalated privileges when necessary but run their Windows session as an unprivileged user.<br>
<br>
Add users to the Sudoers local group which is created on install, otherwise you must manually specify them in the sudoers.xml file located in '''%PROGRAMFILES%\Sudowin\Server''', you will need to read the documentation to implement properly but you can get a basic setup going quickly.<br>
<br>
This package relies on [http://setacl.sourceforge.net/index.html SetACL]<br>
<br>
<source lang="xml">
<?xml version="1.0" encoding="UTF-8"?>
<packages>
<package
id="sudowin"
name="Sudo for Windows"
revision="2"
reboot="false"
priority="10">
<check type="uninstall" condition="versiongreaterorequal" path="Sudo for Windows" value="0.2.0"/>
<install cmd='msiexec /qn /i "%SOFTWARE%\sudowin\sudowin-bin-0.4.2-r208.msi"' />
<install cmd='%comspec% /c xcopy /E /R /Y "%SOFTWARE%\sudowin\*.bat" "%PROGRAMFILES%\Sudowin\"'> <exit code="any"/></install>
<!-- Now remove inheritable permissions on sudo.exe, give app_sudowin read and execute and remove local users and power users from acl -->
<install cmd='"%SOFTWARE%\system\setacl.exe" -on "%PROGRAMFILES%\Sudowin\Clients\Console\sudo.exe" -ot file -actn setprot -op "dacl:p_c"' />
<install cmd='"%SOFTWARE%\system\setacl.exe" -on "%PROGRAMFILES%\Sudowin\Clients\Console\sudo.exe" -ot file -actn ace -ace "n:yourdomain\app_sudowin;p:read_ex"' />
<install cmd='"%SOFTWARE%\system\setacl.exe" -on "%PROGRAMFILES%\Sudowin\Clients\Console\sudo.exe" -ot file -actn trustee -trst "n1:%COMPUTERNAME%\Users;ta:remtrst;w:dacl"' />
<install cmd='"%SOFTWARE%\system\setacl.exe" -on "%PROGRAMFILES%\Sudowin\Clients\Console\sudo.exe" -ot file -actn trustee -trst "n1:%COMPUTERNAME%\Power Users;ta:remtrst;w:dacl"' />
<!-- And do as above for the Sudowin GUI -->
<install cmd='"%SOFTWARE%\system\setacl.exe" -on "%PROGRAMFILES%\Sudowin\Clients\Gui\Sudowin.Clients.Gui.exe" -ot file -actn setprot -op "dacl:p_c"' />
<install cmd='"%SOFTWARE%\system\setacl.exe" -on "%PROGRAMFILES%\Sudowin\Clients\Gui\Sudowin.Clients.Gui.exe" -ot file -actn ace -ace "n:yourdomain\app_sudowin;p:read_ex"' />
<install cmd='"%SOFTWARE%\system\setacl.exe" -on "%PROGRAMFILES%\Sudowin\Clients\Gui\Sudowin.Clients.Gui.exe" -ot file -actn trustee -trst "n1:%COMPUTERNAME%\Users;ta:remtrst;w:dacl"' />
<install cmd='"%SOFTWARE%\system\setacl.exe" -on "%PROGRAMFILES%\Sudowin\Clients\Gui\Sudowin.Clients.Gui.exe" -ot file -actn trustee -trst "n1:%COMPUTERNAME%\Power Users;ta:remtrst;w:dacl"' />
<!-- Copy our sudoers.xml to the PC -->
<install cmd='%comspec% /c xcopy /R /Y "%SOFTWARE%\sudowin\sudoers.xml" "%PROGRAMFILES%\Sudowin\Server\"'/>
<!-- Remove the Start Menu entry -->
<install cmd='%COMSPEC% /c rmdir /q /s "%AllUsersProfile%\Start Menu\Programs\Sudo for Windows"'/>
<!-- To upgrade we first stop the service -->
<upgrade cmd='%COMSPEC% /c net stop Sudowin' ><exit code="0" /><exit code="2" /></upgrade>
<!-- then force reinstallation of the msi -->
<upgrade cmd='msiexec /qn /fa "%SOFTWARE%\sudowin\sudowin-bin-0.4.2-r208.msi"' />
<upgrade cmd='%comspec% /c xcopy /E /R /Y "%SOFTWARE%\sudowin\*.bat" "%PROGRAMFILES%\Sudowin\"'> <exit code="any"/></upgrade>
<!-- Now remove inheritable permissions on sudo.exe, give app_sudowin read and execute and remove local users and power users from acl -->
<upgrade cmd='"%SOFTWARE%\system\setacl.exe" -on "%PROGRAMFILES%\Sudowin\Clients\Console\sudo.exe" -ot file -actn setprot -op "dacl:p_c"' />
<upgrade cmd='"%SOFTWARE%\system\setacl.exe" -on "%PROGRAMFILES%\Sudowin\Clients\Console\sudo.exe" -ot file -actn ace -ace "n:yourdomain\app_sudowin;p:read_ex"' />
<upgrade cmd='"%SOFTWARE%\system\setacl.exe" -on "%PROGRAMFILES%\Sudowin\Clients\Console\sudo.exe" -ot file -actn trustee -trst "n1:%COMPUTERNAME%\Users;ta:remtrst;w:dacl"' />
<upgrade cmd='"%SOFTWARE%\system\setacl.exe" -on "%PROGRAMFILES%\Sudowin\Clients\Console\sudo.exe" -ot file -actn trustee -trst "n1:%COMPUTERNAME%\Power Users;ta:remtrst;w:dacl"' />
<!-- And do as above for the Sudowin GUI -->
<upgrade cmd='"%SOFTWARE%\system\setacl.exe" -on "%PROGRAMFILES%\Sudowin\Clients\Gui\Sudowin.Clients.Gui.exe" -ot file -actn setprot -op "dacl:p_c"' />
<upgrade cmd='"%SOFTWARE%\system\setacl.exe" -on "%PROGRAMFILES%\Sudowin\Clients\Gui\Sudowin.Clients.Gui.exe" -ot file -actn ace -ace "n:yourdomain\app_sudowin;p:read_ex"' />
<upgrade cmd='"%SOFTWARE%\system\setacl.exe" -on "%PROGRAMFILES%\Sudowin\Clients\Gui\Sudowin.Clients.Gui.exe" -ot file -actn trustee -trst "n1:%COMPUTERNAME%\Users;ta:remtrst;w:dacl"' />
<!-- Copy our sudoers.xml to the PC -->
<upgrade cmd='%comspec% /c xcopy /R /Y "%SOFTWARE%\sudowin\sudoers.xml" "%PROGRAMFILES%\Sudowin\Server\"'/>
<!-- Remove the Start Menu entry -->
<upgrade cmd='%COMSPEC% /c rmdir /q /s "%AllUsersProfile%\Start Menu\Programs\Sudo for Windows"'/>
<!-- To remove we first stop the service -->
<remove cmd='%COMSPEC% /c net stop Sudowin' ><exit code="0" /><exit code="2" /></remove>
<!-- then uninstall using the msi -->
<remove cmd='msiexec /qn /x "%SOFTWARE%\sudowin\sudowin-bin-0.4.2-r208.msi "' />
<!-- finally force delete the program directory -->
<remove cmd='%COMSPEC% /c rmdir /q /s "%PROGRAMFILES%\Sudowin"'/>
</package>
</packages>
</source>
<br>
Documentation on the Sourceforge page is non-existent however it can be found in PDF format [http://www.sans.org/reading_room/whitepapers/bestprac/1726.php here]<br>
<br>
Whilst many users find RUNAS works for them I find it problematic and Sudowin is much better for providing high needs users with a way to perform actions with escalated privileges when necessary but run their Windows session as an unprivileged user.<br>
<br>
Add users to the Sudoers local group which is created on install, otherwise you must manually specify them in the sudoers.xml file located in '''%PROGRAMFILES%\Sudowin\Server''', you will need to read the documentation to implement properly but you can get a basic setup going quickly.<br>
<br>
This package relies on [http://setacl.sourceforge.net/index.html SetACL]<br>
<br>
<source lang="xml">
<?xml version="1.0" encoding="UTF-8"?>
<packages>
<package
id="sudowin"
name="Sudo for Windows"
revision="2"
reboot="false"
priority="10">
<check type="uninstall" condition="versiongreaterorequal" path="Sudo for Windows" value="0.2.0"/>
<install cmd='msiexec /qn /i "%SOFTWARE%\sudowin\sudowin-bin-0.4.2-r208.msi"' />
<install cmd='%comspec% /c xcopy /E /R /Y "%SOFTWARE%\sudowin\*.bat" "%PROGRAMFILES%\Sudowin\"'> <exit code="any"/></install>
<!-- Now remove inheritable permissions on sudo.exe, give app_sudowin read and execute and remove local users and power users from acl -->
<install cmd='"%SOFTWARE%\system\setacl.exe" -on "%PROGRAMFILES%\Sudowin\Clients\Console\sudo.exe" -ot file -actn setprot -op "dacl:p_c"' />
<install cmd='"%SOFTWARE%\system\setacl.exe" -on "%PROGRAMFILES%\Sudowin\Clients\Console\sudo.exe" -ot file -actn ace -ace "n:yourdomain\app_sudowin;p:read_ex"' />
<install cmd='"%SOFTWARE%\system\setacl.exe" -on "%PROGRAMFILES%\Sudowin\Clients\Console\sudo.exe" -ot file -actn trustee -trst "n1:%COMPUTERNAME%\Users;ta:remtrst;w:dacl"' />
<install cmd='"%SOFTWARE%\system\setacl.exe" -on "%PROGRAMFILES%\Sudowin\Clients\Console\sudo.exe" -ot file -actn trustee -trst "n1:%COMPUTERNAME%\Power Users;ta:remtrst;w:dacl"' />
<!-- And do as above for the Sudowin GUI -->
<install cmd='"%SOFTWARE%\system\setacl.exe" -on "%PROGRAMFILES%\Sudowin\Clients\Gui\Sudowin.Clients.Gui.exe" -ot file -actn setprot -op "dacl:p_c"' />
<install cmd='"%SOFTWARE%\system\setacl.exe" -on "%PROGRAMFILES%\Sudowin\Clients\Gui\Sudowin.Clients.Gui.exe" -ot file -actn ace -ace "n:yourdomain\app_sudowin;p:read_ex"' />
<install cmd='"%SOFTWARE%\system\setacl.exe" -on "%PROGRAMFILES%\Sudowin\Clients\Gui\Sudowin.Clients.Gui.exe" -ot file -actn trustee -trst "n1:%COMPUTERNAME%\Users;ta:remtrst;w:dacl"' />
<install cmd='"%SOFTWARE%\system\setacl.exe" -on "%PROGRAMFILES%\Sudowin\Clients\Gui\Sudowin.Clients.Gui.exe" -ot file -actn trustee -trst "n1:%COMPUTERNAME%\Power Users;ta:remtrst;w:dacl"' />
<!-- Copy our sudoers.xml to the PC -->
<install cmd='%comspec% /c xcopy /R /Y "%SOFTWARE%\sudowin\sudoers.xml" "%PROGRAMFILES%\Sudowin\Server\"'/>
<!-- Remove the Start Menu entry -->
<install cmd='%COMSPEC% /c rmdir /q /s "%AllUsersProfile%\Start Menu\Programs\Sudo for Windows"'/>
<!-- To upgrade we first stop the service -->
<upgrade cmd='%COMSPEC% /c net stop Sudowin' ><exit code="0" /><exit code="2" /></upgrade>
<!-- then force reinstallation of the msi -->
<upgrade cmd='msiexec /qn /fa "%SOFTWARE%\sudowin\sudowin-bin-0.4.2-r208.msi"' />
<upgrade cmd='%comspec% /c xcopy /E /R /Y "%SOFTWARE%\sudowin\*.bat" "%PROGRAMFILES%\Sudowin\"'> <exit code="any"/></upgrade>
<!-- Now remove inheritable permissions on sudo.exe, give app_sudowin read and execute and remove local users and power users from acl -->
<upgrade cmd='"%SOFTWARE%\system\setacl.exe" -on "%PROGRAMFILES%\Sudowin\Clients\Console\sudo.exe" -ot file -actn setprot -op "dacl:p_c"' />
<upgrade cmd='"%SOFTWARE%\system\setacl.exe" -on "%PROGRAMFILES%\Sudowin\Clients\Console\sudo.exe" -ot file -actn ace -ace "n:yourdomain\app_sudowin;p:read_ex"' />
<upgrade cmd='"%SOFTWARE%\system\setacl.exe" -on "%PROGRAMFILES%\Sudowin\Clients\Console\sudo.exe" -ot file -actn trustee -trst "n1:%COMPUTERNAME%\Users;ta:remtrst;w:dacl"' />
<upgrade cmd='"%SOFTWARE%\system\setacl.exe" -on "%PROGRAMFILES%\Sudowin\Clients\Console\sudo.exe" -ot file -actn trustee -trst "n1:%COMPUTERNAME%\Power Users;ta:remtrst;w:dacl"' />
<!-- And do as above for the Sudowin GUI -->
<upgrade cmd='"%SOFTWARE%\system\setacl.exe" -on "%PROGRAMFILES%\Sudowin\Clients\Gui\Sudowin.Clients.Gui.exe" -ot file -actn setprot -op "dacl:p_c"' />
<upgrade cmd='"%SOFTWARE%\system\setacl.exe" -on "%PROGRAMFILES%\Sudowin\Clients\Gui\Sudowin.Clients.Gui.exe" -ot file -actn ace -ace "n:yourdomain\app_sudowin;p:read_ex"' />
<upgrade cmd='"%SOFTWARE%\system\setacl.exe" -on "%PROGRAMFILES%\Sudowin\Clients\Gui\Sudowin.Clients.Gui.exe" -ot file -actn trustee -trst "n1:%COMPUTERNAME%\Users;ta:remtrst;w:dacl"' />
<!-- Copy our sudoers.xml to the PC -->
<upgrade cmd='%comspec% /c xcopy /R /Y "%SOFTWARE%\sudowin\sudoers.xml" "%PROGRAMFILES%\Sudowin\Server\"'/>
<!-- Remove the Start Menu entry -->
<upgrade cmd='%COMSPEC% /c rmdir /q /s "%AllUsersProfile%\Start Menu\Programs\Sudo for Windows"'/>
<!-- To remove we first stop the service -->
<remove cmd='%COMSPEC% /c net stop Sudowin' ><exit code="0" /><exit code="2" /></remove>
<!-- then uninstall using the msi -->
<remove cmd='msiexec /qn /x "%SOFTWARE%\sudowin\sudowin-bin-0.4.2-r208.msi "' />
<!-- finally force delete the program directory -->
<remove cmd='%COMSPEC% /c rmdir /q /s "%PROGRAMFILES%\Sudowin"'/>
</package>
</packages>
</source>