IWETHEY v. 0.3.0 | TODO
1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

IWETHEY Home / IWETHEY Board / Windows vX.X Forum / Can you be logged in as two people at once?
Post #133,408
by ben_tilly
1/3/04 5:09:19 PM
Reply
New Can you be logged in as two people at once?
With the two people having different access levels?

Without paying for an additional product like Windows Terminal Server that is.

This capability is central to how *nix works. You always have processes around who are logged in as different users with different privileges. You can even have many GUIs running.

Cheers,
Ben
"good ideas and bad code build communities, the other three combinations do not"
- [link|http://archives.real-time.com/pipermail/cocoon-devel/2000-October/003023.html|Stefano Mazzocchi]
Post #133,409
by admin
Picture of admin
1/3/04 5:13:05 PM
Reply
New Not log in, no.
But you can have multiple processes running under different user permissions at the same time.
Regards,

-scott anderson

"Welcome to Rivendell, Mr. Anderson..."
Post #133,418
by ben_tilly
1/3/04 7:33:08 PM
Reply
New I'll tuck that away in case I ever need it
"good ideas and bad code build communities, the other three combinations do not"
- [link|http://archives.real-time.com/pipermail/cocoon-devel/2000-October/003023.html|Stefano Mazzocchi]
Post #133,428
by orion
Picture of orion
1/3/04 8:10:23 PM
Reply
New Yes you can and it is a weak security system
that allows it. If you can run CMD.EXE in the NT/2K/XP/2003 schedule program, it will be run as Admin access. Any program you open from that CLI will get run with Admin access inculding NET.EXE, horror of horrors!

Users can bypass the program install block by installing certain software to their Documents directory which has write access. A real secure system wouldn't even let them run the install program. Some programs check for Admin rights before installing, but some like OOo does not. It is up to the install program to check for access rights before installing.

If the user has access to the Notepad or Wordpad, they can give themselves access to almost anything. Usually by "Viewing Source" in IE, they get a Notepad program, even if their policies and rights disable it. All they do is clear out the HTML source and write in a batch file and save it somewhere writable, like their start menu or documents folder. Then click on it. Create a command to add CMD.EXE to the scheduler, and they can get Admin access or whatever the system runs those programs as.

Also IIS and other programs run as certain users and have a certain level of access that the logged in user may not have. So an ASP web page can be used to write to a file or database, when the user cannot, via IIS.


"Lady I only speak two languages, English and Bad English!" - Corbin Dallas "The Fifth Element"
Post #133,451
by pwhysall
Picture of pwhysall
1/3/04 11:54:08 PM
Reply
New Re: Yes you can and it is a weak security system
If you can run CMD.EXE in the NT/2K/XP/2003 schedule program, it will be run as Admin access.
Wrong. The CMD.EXE process will be run as the user that started it, and security will work accordingly.

Peter
[link|http://www.debian.org|Shill For Hire]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Blog]
Post #133,510
by Arkadiy
Picture of Arkadiy
1/4/04 12:10:45 PM
Reply
New Certainly
Telnet Server is available

Terminal Server comes bundled with XP

Every service runs on an account different from the currently logged on user: either a special "system" account, or whatever the adminstrator chose.

Any process can start a subprocess as different user. API has full support for it, even though shell has none.

In any case, "paying for additional products" reflects price structure and marketing, not technology.
--

"It\ufffds possible to build a reasonably prosperous society that invests in its people, doesn\ufffdt invade its neighbors, opposes Israel and stands up to America. (Just look at France.)"

-- James Lileks
Post #133,517
by deSitter
Picture of deSitter
1/4/04 12:57:05 PM
Reply
New Re: Certainly
Exactly - Terminal server is an add-on to the base operating system, because the latter is not really a multi-user OS. Only one user in base NT has a "desktop" context. In order to have many desktops you have to change the OS in such a way that large parts of it are replicated for every user. And this is just the login context.
-drl
Post #133,576
by Arkadiy
Picture of Arkadiy
1/4/04 8:35:49 PM
Reply
New You keep hearing yourself, not me
NT can have arbitrary number of desktops, only one of them normally visible on a given console. All services run on an invisible desktop (I am not aware of any way to make that one visible). Terminal server gives you the ability to make invisible desktops visible. Another way to get an alternative desktop, I believe (I may be wrong here) is to hit ctrl-alt-del. The visual you see is actually a different desktop.

Also, you don't have to have a desktop to run a process, hence telnet server.
--

"It\ufffds possible to build a reasonably prosperous society that invests in its people, doesn\ufffdt invade its neighbors, opposes Israel and stands up to America. (Just look at France.)"

-- James Lileks
     NET SEND to all except a few systems? - (SpiceWare) - (42) - Dec. 5, 2003, 04:08:12 PM EST
         Send to group -NT - (Silverlock) - Dec. 5, 2003, 04:30:20 PM EST
         If you send not to machine names, but... - (CRConrad) - (6) - Dec. 7, 2003, 03:50:29 PM EST
             Re: If you send not to machine names, but... - (deSitter) - (5) - Dec. 7, 2003, 04:08:32 PM EST
                 "Messenger" != "NET SEND" ? - (CRConrad) - (4) - Dec. 7, 2003, 06:48:13 PM EST
                     NET SEND Help - (orion) - Dec. 7, 2003, 08:13:06 PM EST
                     Re: "Messenger" != "NET SEND" ? - (deSitter) - (2) - Dec. 7, 2003, 09:38:51 PM EST
                         Alternatively... - (pwhysall) - Dec. 8, 2003, 03:11:38 AM EST
                         So if Darrell's gang use W2K or later, they could try my way -NT - (CRConrad) - Dec. 8, 2003, 03:18:19 AM EST
         update - (SpiceWare) - Dec. 8, 2003, 10:00:34 AM EST
         Re: NET SEND to all except a few systems? - (qstephens) - (32) - Jan. 1, 2004, 10:30:25 AM EST
             ROFL - (deSitter) - (31) - Jan. 1, 2004, 11:47:06 AM EST
                 It inspires me - (orion) - (30) - Jan. 1, 2004, 11:50:45 AM EST
                     Re: It inspires me - (deSitter) - (22) - Jan. 1, 2004, 12:11:51 PM EST
                         On this we agree - (orion) - Jan. 1, 2004, 03:23:51 PM EST
                         Windows has no user context? - (Arkadiy) - (20) - Jan. 2, 2004, 06:38:33 PM EST
                             process-level user context - (deSitter) - (19) - Jan. 2, 2004, 07:53:05 PM EST
                                 I am still at a loss as to what you mean -NT - (Arkadiy) - (18) - Jan. 2, 2004, 10:22:02 PM EST
                                     A login is a profile - (orion) - Jan. 2, 2004, 11:36:02 PM EST
                                     Re: I am still at a loss as to what you mean - (deSitter) - (16) - Jan. 3, 2004, 12:02:12 AM EST
                                         You're much mistaken - (Arkadiy) - (15) - Jan. 3, 2004, 04:05:28 PM EST
                                             Can you be logged in as two people at once? - (ben_tilly) - (7) - Jan. 3, 2004, 05:09:19 PM EST
                                                 Not log in, no. - (admin) - (3) - Jan. 3, 2004, 05:13:05 PM EST
                                                     I'll tuck that away in case I ever need it -NT - (ben_tilly) - Jan. 3, 2004, 07:33:08 PM EST
                                                     Yes you can and it is a weak security system - (orion) - (1) - Jan. 3, 2004, 08:10:23 PM EST
                                                         Re: Yes you can and it is a weak security system - (pwhysall) - Jan. 3, 2004, 11:54:08 PM EST
                                                 Certainly - (Arkadiy) - (2) - Jan. 4, 2004, 12:10:45 PM EST
                                                     Re: Certainly - (deSitter) - (1) - Jan. 4, 2004, 12:57:05 PM EST
                                                         You keep hearing yourself, not me - (Arkadiy) - Jan. 4, 2004, 08:35:49 PM EST
                                             Re: You're much mistaken - (deSitter) - (6) - Jan. 3, 2004, 09:28:42 PM EST
                                                 What does hiererchy of processes have to do with it? - (Arkadiy) - (5) - Jan. 4, 2004, 12:14:02 PM EST
                                                     Re: What does hiererchy of processes have to do with it? - (deSitter) - (4) - Jan. 4, 2004, 12:54:51 PM EST
                                                         I am not sure what NT_AUTHORITY is - (Arkadiy) - (3) - Jan. 4, 2004, 08:42:31 PM EST
                                                             Except: - (FuManChu) - (2) - Jan. 5, 2004, 01:55:07 AM EST
                                                                 RIght you are -NT - (Arkadiy) - Jan. 5, 2004, 07:18:30 AM EST
                                                                 Bottom line - (pwhysall) - Jan. 5, 2004, 07:20:06 AM EST
                     Careful there . . - (Andrew Grygus) - (5) - Jan. 1, 2004, 12:31:49 PM EST
                         Does it really? - (ben_tilly) - (3) - Jan. 1, 2004, 01:53:29 PM EST
                             I don't remember all the details . . . - (Andrew Grygus) - (2) - Jan. 1, 2004, 02:23:54 PM EST
                                 The licenses are more forgiving than you think - (ben_tilly) - (1) - Jan. 1, 2004, 02:48:58 PM EST
                                     Really interesting issue - (orion) - Jan. 1, 2004, 03:27:39 PM EST
                         Bah! I'll make it freeware then. - (orion) - Jan. 1, 2004, 02:07:29 PM EST
                     that's what I did - (SpiceWare) - Jan. 2, 2004, 12:36:33 PM EST

Not a wholesome trottin' race, no!
73 ms