Thursday, September 30, 2010

Run a program with administrator rights / Tools that allow one to run a program as other user without giving password each time / How to run a process using different credentials

joeware.net - CPAU (Create Process As User) like RunAs but with an option to encrypt the password

Run a program with administrator rights – RUNASSPC, CPAU and Steel Run As compared

http://www.robotronic.de/runasspcEn.html

http://www.joeware.net/freetools/tools/cpau/index.htm

http://minasi.com/forum/topic.asp?TOPIC_ID=13514

I would recommend the following runas utilities:

CPAU (http://www.joeware.net)
PsExec (http://www.sysinternals.com)
LSrunas/LSrunasE (http://www.lansweeper.com/) - (uses non-standard encryption)
Runasspc (http://robotronic.de/runasspcEn.html) - (uses AES-256 encryption)

I would highly recommend using Runasspc for security reasons, as the other programs have no or weak encryption. Keep in mind that when you don't use encryption the password is being sent as clear-text over the wire and can be easily captured by a network sniffer. Also, I would recommend not executing the runas command line in a batch file - this should be embedded in a compiled and obfuscated .exe program.

Also when using runas to install some software that particular installation software may need to be installed as the active user. To get around this issue without logging off, you will need to launch a hidden command prompt as an Administrator, add the current user to the Administrators group and then run the runas command. After this you will want to remove the current user from the Administrators group. Always check the return code for the command (i.e. NET LOCALGROUP Administrators username /DELETE) that removes the user from the Administrators group so you can verify this has worked.



Wednesday, September 29, 2010

Validate domain username and password from workgroup computer / Running Dsa.Msc (Active Directory Users and Computers snap-in) From A Computer Not Joined Into Domain

Remotely administer a domain from a workgroup PC



http://forums.asp.net/p/1436962/3244988.aspx

All you need is here:
' At the top of the file:
Imports System.Runtime.InteropServices
Imports System.Security.Principal

' Inside the class:
' Validates the credentials and, on success, returns a logon token in phToken.
Declare Function LogonUser Lib "ADVAPI32.dll" Alias "LogonUserA" (ByVal lpszUsername As String, ByVal lpszDomain As String, ByVal lpszPassword As String, ByVal dwLogonType As LogonType, ByVal dwLogonProvider As LogonProvider, ByRef phToken As IntPtr) As Int32

Declare Function CloseHandle Lib "kernel32.dll" (ByVal hObject As IntPtr) As Int32

Private Shared Function GetWindowsIdentity(ByVal UserName As String, ByVal Domain As String, ByVal Password As String) As WindowsIdentity
    Dim SecurityToken As IntPtr

    Dim Success As Boolean = CBool(LogonUser(UserName, Domain, Password, LogonType.LOGON32_LOGON_NETWORK_CLEARTEXT, LogonProvider.LOGON32_PROVIDER_DEFAULT, SecurityToken))

    If Not Success Then
        ' Declare saves the Win32 error for the call; read it through Marshal
        ' instead of calling kernel32's GetLastError directly, which is unreliable from managed code.
        Throw New System.Exception("Logon Failed. Error: " & Marshal.GetLastWin32Error())
    End If

    Try
        ' WindowsIdentity duplicates the token, so the original handle is released afterwards.
        Return New WindowsIdentity(SecurityToken)
    Finally
        CloseHandle(SecurityToken)
    End Try
End Function

Public Enum LogonType As Integer
    LOGON32_LOGON_INTERACTIVE = 2
    LOGON32_LOGON_NETWORK = 3
    LOGON32_LOGON_BATCH = 4
    LOGON32_LOGON_SERVICE = 5
    LOGON32_LOGON_UNLOCK = 7
    LOGON32_LOGON_NETWORK_CLEARTEXT = 8
    LOGON32_LOGON_NEW_CREDENTIALS = 9
End Enum

Public Enum LogonProvider As Integer
    LOGON32_PROVIDER_DEFAULT = 0
End Enum



To test:

Dim o As Security.Principal.WindowsIdentity = GetWindowsIdentity("user", "domain", "pass")

http://us.generation-nt.com/answer/viewing-event-logs-remote-domain-help-68650162.html

Create a shortcut like this:

runas /netonly /user:domain\userid "mmc dsa.msc"


http://www.markwilson.co.uk/blog/2008/03/the-windows-runas-command-and-the-netonly-switch.htm
Then I found out about an obscure switch for the runas command – /netonly, used to indicate that the supplied credentials are for remote access only. By changing my command to:

runas /netonly /user:remotecomputername\username mmc

I was able to authenticate against the remote computer without needing the credentials to also be valid on the local computer, as described by Craig Andera


http://www.pluralsight-training.net/community/blogs/craig/archive/2003/06/04/785.aspx

Today I ran across an entirely new option: the /netonly switch. Using it means that the credentials you supply don’t have to be valid on the machine you’re running it on, but will still be passed on when remote calls are made! So cool. Why? Because I’m doing work with Microsoft, and I need to do things against their servers that require authentication. I don’t want to join my machine to their domain, which means I can’t get a process running under my Microsoft domain account. However, using this switch, I can make a process look to remote systems as if it were running under my Microsoft domain account. This turned out to be crucially important for getting our build process working on my machine.

The one caveat is that since it doesn’t do an actual login, it’ll take whatever password you throw at it. Even if it’s wrong – you won’t find out until you try to actually use those credentials.
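The caveat above can be seen directly through the LogonUser API from the earlier post; this is an added example, not code from any of the quoted posts. Logon type 9 (LOGON32_LOGON_NEW_CREDENTIALS) is the LogonUser counterpart of runas /netonly. The account CONTOSO\alice, the password, the Demo.Logon helper and the provider constant LOGON32_PROVIDER_WINNT50 (value 3, from the Windows SDK) are assumptions that do not appear on this page.

```powershell
# Added example. CONTOSO, alice and the password are constructed values.
Add-Type -Namespace Demo -Name Logon -MemberDefinition @'
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
static extern bool LogonUser(string user, string domain, string password,
    int logonType, int logonProvider, out IntPtr token);

[DllImport("kernel32.dll")]
static extern bool CloseHandle(IntPtr handle);

// Returns 0 if LogonUser accepted the credentials, otherwise its Win32 error code.
public static int TryLogon(string user, string domain, string password,
                           int logonType, int provider)
{
    IntPtr token;
    if (!LogonUser(user, domain, password, logonType, provider, out token))
        return Marshal.GetLastWin32Error();
    CloseHandle(token);   // only a yes/no answer is needed, so release the token
    return 0;
}
'@

$LOGON32_LOGON_NETWORK         = 3   # from the enum in the post above
$LOGON32_LOGON_NEW_CREDENTIALS = 9   # from the enum in the post above
$LOGON32_PROVIDER_DEFAULT      = 0
$LOGON32_PROVIDER_WINNT50      = 3   # Windows SDK value, not in the page's enum

$user, $domain, $wrong = 'alice', 'CONTOSO', 'not-the-real-password'

$cases = @(
    # Type 3 authenticates immediately, so a wrong password is rejected by this call.
    @{ Name = 'NETWORK';         Type = $LOGON32_LOGON_NETWORK;         Provider = $LOGON32_PROVIDER_DEFAULT },
    # Type 9 only attaches the credentials for later outbound connections;
    # nothing is checked now, so the same wrong password is accepted.
    @{ Name = 'NEW_CREDENTIALS'; Type = $LOGON32_LOGON_NEW_CREDENTIALS; Provider = $LOGON32_PROVIDER_WINNT50 }
)

$results = foreach ($case in $cases) {
    $code = [Demo.Logon]::TryLogon($user, $domain, $wrong, $case.Type, $case.Provider)
    [pscustomobject]@{ LogonType = $case.Name; Accepted = ($code -eq 0); Win32Error = $code }
}
$results | Format-Table -AutoSize
```

A success from the type 9 call therefore says nothing about whether the password is right; the first authenticated call to the remote system is what actually tests it.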



Running Dsa.Msc From A Computer Not Joined Into Domain

I'm trying to figure out if this is possible:

I have a laptop that I take to numerous clients, and I
really don't like to join it to the domain because it's a
pain to do that constantly and deal with user accounts,
etc.

But, I would still like to use dsa.msc (AD Users and
Computers) and related tools to manage domains from my
laptop. Is there a way to do this?

I have tried all combinations of runas.
Additionally, "Connect To Another Computer/Domain:" (i.e.
from compmgmt.msc or something) only works on non-DC's
near as I can tell, so in this configuration it's useless
for dsa.msc. It just says, "Access is Denied" without
possibility of prompting for credentials.

I think it all boils down to the domain not trusting my
computer and vice versa. This is why I think this may
not be possible. But, I'm hoping some of you can think
of a way around this problem.

Thanks in advance,

Matt


You need to be joined to a domain. If the laptop has enough
horsepower, load Virtual PC and create an XP image which you just join
to client domains.

No you don't. Assuming you've installed the adminpak.msi on the XP
machine, you can:

runas /netonly /user:somedomain\someuserid "mmc dsa.msc"

Wayne


Saturday, September 18, 2010

Submit virus samples to AV companies

http://www.wilderssecurity.com/showpost.php?s=d37efb74d49df6be58d88f5d37bdf1fe&p=1551851&postcount=43

--------------------------------------------------------------------------------------------

Agnitum: http://www.agnitum.com/support/submit_files.php
Ahnlab: v3sos(at)ahnlab.com, e-support(at)ahnlab.com
http://global.ahnlab.com/global/virusreport_main.ESD
ANSAV: http://www.ansav.com (check right sidebar)
Antiy: submit(at)virusview.net
Arcabit: wirus(at)arcabit.pl
http://www.arcabit.pl/sprawdz_pliki
Avast: virus(at)avast.com
AVG: virus(at)grisoft.cz
Avira: virus(at)avira.com, heuristik2(at)avira.com (gen/heur fp)
http://analysis.avira.com/samples/
BitDefender: virus_submission(at)bitdefender.com
http://www.bitdefender.com/site/Know...se/getSupport/ (note)
BKAV: bkav(at)bkav.com.vn
BullGuard: support(at)bullguard.com
Bytehero: virus(at)bytehero.com
ByteHero: support(at)bytehero.com
CA: virus(at)ca.com
http://home3.ca.com/Support/VirusSampleForm.aspx?
ClamAV: http://cgi.clamav.net/sendvirus.cgi
CMC: support.is(at)cmclab.net, contact(at)cmcinfosec.com
Command: virus(at)authentium.com
Comodo: malwaresubmit(at)avlab.comodo.com, falsepositive(at)avlab.comodo.com
http://internetsecurity.comodo.com/submit.php
CyberDefender: support(at)cyberdefender.com
Dr.Web: vms(at)drweb.com
https://vms.drweb.com/sendvirus/?lng=en
eAcceleration: http://research.eacceleration.com/submit_sample/
eEye: malware(at)eeye.com
EmsiSoft: submit(at)emsisoft.com, fp(at)emsisoft.com (fp)
http://www.emsisoft.com/en/support/submit/
eSafe: esafe.virus(at)eAladdin.com, virus(at)esafe.com
ESET: samples(at)eset.com
eXtendia/Guardian: TechSupport(at)BoomerangSoftware.com
Filseclab: virus(at)filseclab.com
FireAV: service(at)fireav.com
Fortinet: submitvirus(at)fortinet.com
F-Prot: viruslab(at)f-prot.com
http://www.f-prot.com/virusinfo/submission_form.html
http://www.f-prot.com/virusinfo/fals...tive_form.html (fp)
F-Secure: vsamples(at)f-secure.com
https://analysis.f-secure.com/
Gdata: http://www.gdatasoftware.com/support.html
Hacksoft: virus(at)hacksoft.com.pe
Hauri: hauri98(at)hauri.co.kr
http://www.hauri.net/support/virus_report.html
http://www.hauri.net/support/false_report.html (fp)
Ikarus: samples(at)ikarus.at, false-positive(at)ikarus.at (fp)
http://www.ikarus-software.at/cgi-bi...s&submit=more+
Immunet: submit(at)samples.immunet.com, support(at)immunet.com (fp)
Iolo: support-crm(at)iolo.com
http://www.iolo.com/customercare/technicalsupport.aspx
Jiangmin: virus(at)jiangmin.com, open-file(at)jiangmin.com (fp)
K7 Computing: k7viruslab(at)k7computing.com
Kaspersky: newvirus(at)kaspersky.com
Kingsoft: support(at)kingsoftresearch.com
http://www.kingsoftsupport.com/kingsoft/upload.php
Lavasoft: research(at)lavasoft.com
http://upload.lavasoft.com/upload/submit_file.php
Mcafee: virus_research(at)avertlabs.com, spyware_research(at)avertlabs.com (note)
datasubmission(at)mcafee.com (fp) (note)
Micropoint: virus(at)micropoint.com.cn, support(at)micropoint.cn
http://service.micropoint.com.cn/mail.php (tick 2nd option - To report suspicious files)
Microsoft: avsubmit(at)submit.microsoft.com, windefend(at)submit.microsoft.com, mfcs(at)submit.microsoft.com
https://www.microsoft.com/security/portal/submit.aspx
Microworld: support(at)mwti.net
MKS-Vir: pomoc(at)mks.com.pl
http://www.mks.com.pl/pomoc/wyslij_zarazony_plik (1.5 mb limit)
Moonsecure: http://www.moonsecure.com/vsubmit.php (note)
MyFreeAntivirus: http://smartpctools.com/support.html
Net Protector: service(at)indiaantivirus.com
http://indiaantivirus.com/virussample.html
Netgate: research(at)spy-emergency.com
http://www.spy-emergency.com/content/view/43/58/
Nictasoft: http://www.nictasoft.com/new-virus/
Norman: analysis(at)norman.no
http://www.norman.com/security_cente...mit_file/en-us
http://www.norman.com/support/fp/en (fp)
nProtect: http://global.nprotect.com/support/contactus.php
Nuwavesoft: support(at)nuwavesoft.com
Panda: virus(at)pandasecurity.com, falsepositives(at)pandasecurity.com (fp) (note)
ParetoLogic: SWAT(at)Paretologic.com
http://www.paretologic.com/community/submissions/ (check left sidebar)
PCMAV: redaksi(at)pcmedia.co.id
PCSecurityShield: customersupport(at)pcsecurityshield.com
PC Tools: http://www.pctools.com/mrc/submit/
Prevx: virus(at)prevxresearch.com, report(at)prevxresearch.com (note)
Proland: virsample(at)pspl.com
http://www.pspl.com/support/samplesubmit.htm
QuickHeal: viruslab(at)quickheal.com
http://www.quickheal.co.in/submit_sample.asp
http://www.quickheal.co.in/submit_fp.asp (fp)
Returnil: support-tech(at)returnil.com (note)
Rising: master(at)rising.com.cn
http://mailcenter.rising.com.cn/FileCheck/
http://support.rising-global.com/ind...departmentid=1
Sophos: samples(at)sophos.com
http://www.sophos.com/support/samples
Srnmicro: vlab(at)srnmicro.com
Sunbelt: malware-cruncher(at)sunbelt-software.com, spywarereport(at)sunbelt-software.com
http://www.sunbeltsecurity.com/Submi...5D4A0825C756EA
http://www.sunbeltsecurity.com/Submi...7BCD8BFF85EB45 (fp)
Sybari: submit_virus(at)research.sybari.com (note)
Symantec: avsubmit(at)symantec.com
https://submit.symantec.com/websubmit/retail.cgi
https://submit.symantec.com/dispute/false_positive (fp)
TrendMicro: virus_doctor(at)trendmicro.com
http://subwiz.trendmicro.com/SubWiz/Default.asp
Trustport: support(at)trustport.com
VBA32: newvirus(at)anti-virus.by
Vexira: virus_submission(at)centralcommand.com
Vir.it: assistenza(at)viritpro.com
VirusBuster: virus(at)virusbuster.hu
https://support.virusbuster.hu/index...kets&_a=submit (tick Virus Lab)
Virus Chaser: inquiry(at)viruschaser.com.hk
http://www.viruschaser.hk/e_contact.php (select Virus Support)
Webroot: submissions(at)webroot.com
http://www.webroot.com/En_US/about-vendorcomplaint.html (fp)
Websense: submit(at)websensesecuritylabs.com
http://securitylabs.websense.com/con...Malicious.aspx (select Malicious Application)
Zonelabs: malware(at)zonelabs.com

Greatis: support(at)greatis.com
Hazard Shield: andy(at)orbitech.org
Iobit Security 360: is360submit(at)iobit.com
http://db.iobit.com/deal/sdsubmit/index.php
Malwarebytes: http://uploads.malwarebytes.org
Nemesis: support(at)usec.at
NoVirusThanks (?): robert(at)novirusthanks.org
PC DoorGuard (?): astonsupport(at)astonsoft.com
Remove Fake Antivirus (?): olzenkhaw(at)hotmail.com
Spybot: detections(at)spybot.info
http://www.safer-networking.org/en/c...etections.html
Spyware Terminator: contact(at)spywareterminator.com
http://www.spywareterminator.com/sup...rt-ticket.aspx
Superantispyware: samples(at)superantispyware.com
http://www.fileresearchcenter.com/submitfile.html
http://www.fileresearchcenter.com/vendordispute.html (fp)
The Cleaner: trojans(at)moosoft.com
http://www.moosoft.com/TheCleaner/WebSubmit
TheStubware: support(at)thestubware.com
Trojan Hunter: submit(at)trojanhunter.com
Trojan Remover: submit(at)simplysup.com
ZeroSpyware: support(at)zerospyware.com
http://www.spyware-net.com/ReportSpyware

AVLab-UA: newvirus(at)avlab-ua.com
http://www.avlab-ua.com/component/op...mid,2/lang,ru/
http://www.avlab-ua.com/component/op...mid,3/lang,ru/ (fp)
UNA: newvirus(at)unasoft.com.ua
UploadMalware: http://www.uploadmalware.com

Most security vendors suggest that you put your sample(s) inside a password-protected archive* (preferably zip) to prevent being filtered/corrupted. In the e-mail/web form body include the archive password, symptom(s) of the infection(s) and if possible the site url(s) where you got the suspect file(s). In some cases if you can't locate the file(s), just e-mail the malware url(s) to your vendor and ask for removal assistance.

If you suspect your security vendor has produced a false positive (fp), put the detected file(s) inside a password-protected archive* (preferably zip). To get hold of the file(s), temporarily disable the real-time shield of your security software, restore the file(s) from quarantine and put the file(s) in your software's exclusion list. Refer to the help file of your security software to do those. In the e-mail/web form body include the archive password, site url(s) where you got the file(s) and reason(s) why the file(s) is/are safe.

*How to password protect zip files in Windows XP/Windows Vista? If you're using an older Windows operating system you need a 3rd party archiver (like 7-Zip, which is free). Refer to the archiver's help file.

If you spot any mistakes, wrong contacts/links or would like to add other vendor contacts please post them. Thanks. 

PS: Don't forget to change (at) to @. Some forms/links are not in English so use online translators like Google's or Yahoo's to translate them into English or your language.

Last edited by LowWaterMark : November 23rd, 2009 at 05:10 PM. Reason: additions and updates per thanatos_theos

Thursday, September 16, 2010

How To Copy Text or Error Messages from Any Dialog Boxes in Windows

http://www.raymond.cc/blog/archives/2008/05/25/how-to-copy-text-or-error-messages-from-any-dialog-boxes-in-windows/

How To Copy Text or Error Messages from Any Dialog Boxes in Windows:
  1. Scraper from PC Magazine
  2. SysExporter
  3. WinScraper
  4. Textractor
  5. TextGrabber 

Wednesday, September 15, 2010

Search Engines Webmaster Tools

Search engine webmaster tools:

http://en.wikipedia.org/wiki/Google_Webmaster_Tools
http://en.wikipedia.org/wiki/Bing_Webmaster_Center
http://en.wikipedia.org/wiki/Yahoo!_Site_Explorer

----------------------------------------------------------------------------------------------------------


Google:
(mimmo1997@gmail.com / mimmo2011@gmail.com)

Bing:
http://www.bing.com/webmaster/
(mimmo2009@live.com / mimmo2011@live.com)

Yahoo:
http://siteexplorer.search.yahoo.com/
(mimmo_1997@yahoo.com / mimmo2011@ymail.com / mimmo9711@yahoo.com)

-----------------------------------------------------------------------------------------------------------

Blogger Sitemap Generator /
Sitemap Generator for Google, Bing and Yahoo:

http://digitalinspiration.com/tools/blogger/sitemap/


-----------------------------------------------------------------------------------------------------------

Facebook Account:
http://www.facebook.com/
mimmo2011@live.com
