For me there's no buts - I can enter regedit at the demo prompt and modify TrustedInstaller-only keys just fine - I would not be surprised though if it's one of those things

Edit2: This was quick.. as it was one of those things.. and guess I've proved you wrong

fix for naked Windows 7 with PowerShell 2.0 (-ea does not support short form 'sil' instead of 'SilentlyContinue' - it was not even needed for published build as the window is hidden)
This version can be run from the right-click - Send to menu. Will also update the 1st showcase of self-elevation to accept any cmd with parameters

You should update or remove the code in your quoted message so as not to generate confusion, tx
Yes, you are right. It looks simpler. Thank you for introducing a new way to me. But NSudo can't use that directly because some of NSudo's features need to modify the attributes of the access token, such as creating a process with all access token privileges enabled at the beginning. (What a pity!)

Kenji Mouri
I still need to care about. Because some features in NSudo need CreateProcessAsUserW. (For example, run an app with the current session user token. I need to use WTSQueryUserToken to ensure we get the token correctly. And it needs SYSTEM access token impersonation.) If I use the way you introduced, I need to create a process to do that or keep the old implementations, which makes NSudo more complex.

I'm afraid that we need many adjustments to use the new way better, because some Windows behaviors are associated with the parent process. For example, there are no scroll bars with the new way.

Also, for most of us, the privileges in the Administrators group are enough. I can do things like most people who use TrustedInstaller do with only an elevated Administrators group token, such as modifying Windows system files and the registry. You only need to enable the SeBackupPrivilege and SeRestorePrivilege. (You can try it with 7-Zip File Manager: use NSudo to open it with the Current Process mode and select the Enable all privileges checkbox.)

I think I will provide the way to use the elevated Administrators group token better in NSudoSDK. (Some Windows APIs need to be hooked to adapt to that.) I think we should follow the principle of least privilege.

Kenji Mouri
That can be solved by presetting the cmd profile or simply adjusting $host.ui.rawui.buffersize - and that's probably the only improvement I'm willing to add

Yeah, that's what I had in mind for the snippet by design - a simple portable alternative to help get some Windows administrative tasks done without making a mess with taking ownership of files and registry keys. Anybody needing a more powerful pwning tool should keep using NSudo as usual.
Yes, so I think that you can learn from #432. (Get the token from lsass.exe, so you can get a full SYSTEM access token.)

I have tested on NSudo via NSudo's way.

Windows Vista Service Pack 2 x64 - Success
Windows 10 LTSC 2018 x64 - Success
Windows 10 Version 1909 (18362.10022) - Success
Been frustrated that I could not get NSudo to run any program located in C:\Program Files or C:\Program Files (x86) from its initialization file (NSudo.json), yet it ran programs in the C:\Windows directory, or a sub-directory thereof, just fine.

As already discovered by others, NSudo fails when a directory or filename has a space in it. And it is reliable only when 2 backslashes are used in directory paths. The only way to pass an argument successfully to NSudo is to use DOS 8.3 names.

So I found what works for me. I use PowerDesk file manager; its executable path is: "C:\Program Files (x86)\Avanquest\PowerDesk\PDExplo.exe"

Next, below, I have pasted 2 sample NSudo.json files. Each has a slightly different naming, and both work.

Code:
{
  "ShortCutList_V2": {
    "PowerDesk": "C:\\PROGRA~2\\Avanquest\\PowerDesk\\PDExplo.exe",
    "PowerShell": "powershell",
    "PowerShell ISE": "powershell_ise",
    "Hosts编辑": "notepad %windir%\\System32\\Drivers\\etc\\hosts"
  }
}

Code:
{
  "ShortCutList_V2": {
    "PowerDesk": "C:\\PROGRA~2\\AVANQU~1\\POWERD~2\\PDExplo.exe",
    "PowerShell": "powershell",
    "PowerShell ISE": "powershell_ise",
    "Hosts编辑": "notepad %windir%\\System32\\Drivers\\etc\\hosts"
  }
}

You can get the DOS 8.3 file name and path by navigating in a CMD window to the directory where your program is located and typing:

Code:
for %I in (.) do echo %~sI

If you need just the short names of the current directory, all you have to type is: DIR /X

Thanks to Thomas Dubreuil https://forums.mydigitallife.net/th...-administration-tool.59268/page-14#post-14696 for his sample file. That's what helped me get this figured out.
@Artemus2013 one of the 2 backslashes is an escape character; it can be used similarly for spaces and quotes

Code:
"Notepad3": "\"C:\\Program Files\\Notepad3\\Notepad3.exe\"",
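
The two escaping layers discussed in the last two posts (quoting a path with spaces for the command line, then escaping backslashes and quotes for JSON), as an added example that is not part of the thread and not NSudo code. The function names and lint heuristics are hypothetical; the ShortCutList_V2 key and the paths come from the posts above, and the sample inputs are constructed.

```python
import json
import re

# Unquoted drive-letter path up to the first ".exe" (heuristic used by the lint below).
FIRST_EXE = re.compile(r'^[A-Za-z]:\\[^"]*?\.exe', re.IGNORECASE)

def shortcut_entry(exe_path, args=""):
    # Command-line layer: wrap the executable in quotes when its path has spaces.
    cmd = f'"{exe_path}"' if " " in exe_path else exe_path
    return f"{cmd} {args}".strip()

def build_config(shortcuts):
    # JSON layer: json.dumps doubles every backslash and escapes every quote.
    return json.dumps({"ShortCutList_V2": shortcuts}, indent=2, ensure_ascii=False)

def lint_config(text):
    # Return a list of problems found in the text of an NSudo.json file.
    try:
        data = json.loads(text)
    except json.JSONDecodeError as err:
        # Typical cause: a single backslash such as \P, which is not a JSON escape.
        return [f"line {err.lineno}: not valid JSON ({err.msg})"]
    problems = []
    for name, cmd in data.get("ShortCutList_V2", {}).items():
        if not isinstance(cmd, str):
            problems.append(f"{name}: value is not a string")
            continue
        # A single backslash before n, t, r, b or f parses silently as a control character.
        if any(ord(ch) < 0x20 for ch in cmd):
            problems.append(f"{name}: control character (single backslash read as an escape)")
        m = FIRST_EXE.match(cmd)
        if m and " " in m.group():
            problems.append(f"{name}: path with spaces is not quoted")
    return problems

if __name__ == "__main__":
    # Constructed sample built from paths quoted in the posts above.
    good = build_config({
        "Notepad3": shortcut_entry(r"C:\Program Files\Notepad3\Notepad3.exe"),
        "Hosts": shortcut_entry("notepad", r"%windir%\System32\Drivers\etc\hosts"),
    })
    print(good)
    print(lint_config(good))  # no problems expected
    # Single backslashes: \n and \t are valid JSON escapes, so this parses but is wrong.
    print(lint_config(r'{"ShortCutList_V2": {"Tool": "C:\new\tool.exe"}}'))
```

The lint only inspects the file text; whether a given NSudo build accepts a quoted path still has to be confirmed by launching the shortcut.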