• runas的替代品CPAU使用


    runas替代软件CPAU

    在windows系统下,想要实现某个程序不论何时都以指定的用户身份登录,因此找到了CPAU这个软件

    cpau官方网站:https://www.joeware.net/freetools/tools/cpau/index.htm

    File: CPAU.exe
    Size: 555520 bytes
    File Version: 1.11.0.376
    Modified: 2005年11月8日, 23:23:38
    MD5: 7100F979B8516B8C1AE6FF858435626E
    SHA1: C6A596B10BC8FD05F8A13859FEF8B2CF7A9360E7
    CRC32: DD9BD789
    

    用user身份运行WpfApp1

    CPAU -u user -p password -ex WpfApp1.exe -lwp
    

    注意1:当前用户administrator,测试发现,如果将CPAU放到桌面上,执行上述命令时会报错目录名无效,原因不知,将CPAU放到C:windows 或 d:下均不再报此错误,原因未知

    cpau -u user -p password -ex "d:WpfApp1.exe" -enc -file WpfApp1.txt
    cpau -dec -file WpfApp1.txt -lwp
    

    注意2:当前用户administrator,测试发现WpfApp1.txt放在当前用户administrator目录下,执行cpau -dec -file WpfApp1.txt -lwp命令的时候,会报错目录名无效,原因不知

    其实还有其他替代品的比如:lsrunase,不过我没测试过,等以后用到了再补充进来

    附CPAU导出的说明

    Usage:
     CPAU -u user [-p password] -ex "WhatToRun" [switches]
    
       user       User to log on as. Ex: user or domainuser
       password   User's password
       WhatToRun  What to execute
    
      Switches: (designated by - or /)
       -profile   Do local logon with profile instead of net logon
       -localwithprofile Alias for -profile
       -lwp       Alias for -profile
       -localwithoutprofile  Local logon but do not load profile.
       -lwop      Alias for -localwithoutprofile
       -k         Prefix command with cmd /k to leave window open
       -c         Prefix command with cmd /c to close window after exec.
       -pipepwd   Special method allows you to pipe password in
       -enc       Encrypt a job file for later user
       -dec       Use an ecrypted job file
       -file      Specify job file to execute or create
       -wait      Wait for process completion before returning.
       -outprocexit Used with -wait, the errorlevel variable has the
                  exit code of the spawned process instead of cpau.
       -cwd x     Start at working directory x.
       -hide      Start the new process in a hidden state.
       -title x   Allow you specify title of command prompt windows.
       -crc file[,file,file]   This option allows you to encode
                  CRC info for files in the job file. When decoded
                  the CRC have to match or the program bombs. Note that
                  it will not chase paths looking for the file, you must
                  specify the exact path.
       -nowarn    Don't output warning about network logon.
    
      Ex1:
        cpau -u joehomejoe -p logon -ex "perl cleanup.pl" -lwp
          Runs perl script cleanup.pl as joehomejoe
    
      Ex2:
        cpau -u joehomejoe -p logon -ex "perl cleanup.pl" -enc -file cleanup.job
          Creates job file called cleanup.job to run perl script cleanup.pl as joehomejoe
    
      Ex3:
        cpau -dec -file cleanup.job -lwp
          Execute job file cleanup.job
    
      Ex4:
        cpau -u joehomejoe -p logon -ex "perl cleanup.pl" -wait -lwp
          Runs perl script cleanup.pl as joehomejoe and waits for process to end
    
      Ex5:
        cpau -u joe -p logon -ex notepad.exe -lwp
          Runs notepad as user joe
    
      Ex6:
        cpau -u joehomejoe -p logon -ex logonscript.cmd -lwp
          Runs logon script in current directory as user joe (see note below)
    
      Ex7:
        cpau -u joehomejoe -p logon -ex logonscript.cmd -lwp -cwd c:	emp
          Runs logon script in/from c:	emp as user joe (see note below)
    
      Ex8:
        cpau -u joe -p logon -ex logonscript.cmd -enc -file logon.job -crc logonscript.cmd
          Encodes logon.job file and CRC protects the batch file
    
    Notes:
      I had to add some protection to this app. It seems people were running this with
      a networked drive for the current working directory. Microsoft prevents cross-
      security context access of network drives on purpose, this causes CPAU
      to not be able to fire the process up. To correct for that, if CPAU realizes
      your current working directory is a network drive it will change the CWD to the
      default local path (usually c:windowssystem32). To override this functionality
      you must specify the CWD option, note that if you set it to a network
      drive you most likely will not function properly. Also note that this is
      not a bug in CPAU, this is purposeful functionality from MS. You can see this
      out of anything that changes your local security context.
    
      If you are using this for a logon script or something else where
      you need the permissions to take affect locally, you need to specify the
      -lwp (or -profile) switch. By default the process spawned has the current 
      user's security context locally and the new security context remotely. Also 
      keep in mind the note above concerning network drives, logon scripts run from 
      network drives, you will need to set the CWD to a local machine 
      (c:	emp maybe) and copy whatever files are necessary locally and then run cpau.
    
      As of Version 1.08.00 I have added the ability to insert environment variables
      into the job file. Normally env vars get converted into their values
      on the machine encoding the job file, I have made it so you can escape
      these so they will get decoded on the machine that runs the job file.
      To do this, on the command line when building the job file specify the
      environment variable like {%{env-var}%} instead of like %env-var%. So
      for instance if you wanted SystemRoot you would specify {%{SystemRoot}%}.
      This only works for items that are part of the -EX parameter.
    
      As of Version 1.08.00 I have also added additional protection around the CRC
      option. When you add CRC files to the job file, cpau will mark the file in 
      such a way that no version prior to 1.08.00 will be able to use the job file.
      This is to prevent someone from taking a 1.08.00 or better job file with CRCs
      and use an older version of CPAU to avoid the CRCs.
    
      As of Version 1.08.00 I have also added the feature to display the encoded
      information when creating the job file. This should help reduce the questions
      I am getting on why a certain job file doesn't work. Often what people specify
      isn't encoded in the way they think, especially around env vars.
    
      As of Version 1.11.00 the -lwop option was added which allows a local logon without
      loading the user's profile. This may cause odd responses in some programs. If
      you experience issues, use -lwp to load the user's profile to see if that works.
    
      As of Version 1.11.00 I am specifically disallowing use from LocalSystem. This is
      something that works on older OS versions but doesn't work on XP SP2 and K3 and
      the inconsistency was causing a lot of support issues. The primary intent of this
      application is to allow interactive logons to switch security context for specific
      processes, not crutch unattended applications working for web apps and from the
      task scheduler.
    
     This software is Freeware. Use it as you wish at your own risk.
     If you have improvement ideas, bugs, or just wish to say Hi, I
     receive email 24x7 and read it in a semi-regular timeframe.
     You can usually find me at joe@joeware.net
    
  • 相关阅读:
    浅析linux 下的/etc/profile、/etc/bashrc、~/.bash_profile、~/.bashrc(转)
    【引用】如何关闭SELinux
    typedef 用法(转)
    【引用】让source insight在窗口标题栏上显示文件全路径
    c语言 typedef(转)
    ip分片 tcp分段(转)
    linux 命令 pushd popd cd 区别
    linux xargs
    JS实现简单hashtable
    Page.ClientScript.RegisterClientScriptBlock 与RegisterClientScriptBlock
  • 原文地址:https://www.cnblogs.com/guyk/p/12375115.html
Copyright © 2020-2023  润新知