Changes between Version 3 and Version 4 of Nonprivileged


Ignore:
Timestamp:
07/17/13 13:09:26 (11 years ago)
Author:
pcfreak
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • Nonprivileged

    v3 v4  
    350350Since we changed the target for the OpenVPN-GUI shortcuts, the user can now already click the OpenVPN-GUI desktop icon, which will then run the scheduled task **win7x64_user1_openvpn** on demand. **win7x64_user1_openvpn** will then execute **openvpn-gui.exe** in the users context but with **highest privileges**.
    351351
     352=== Security related information ===
     353There are 2 registry keys, that are dangerous and can allow the user to open an administrative prompt on the machine. They are
     354
     355{{{
     356HKEY_LOCAL_MACHINE\SOFTWARE\OpenVPN-GUI\editor
     357and
     358HKEY_LOCAL_MACHINE\SOFTWARE\OpenVPN-GUI\log_viewer
     359}}}
     360
     361When using my method and click on ** View Log ** or ** Edit config **, by default notepad.exe will open (and of course) with highest privileges. To fix this, you should change the registry to an executable (you created), that shows an error message. I did this with a small AutoIT-Script, that does exactly that. I called it
     362
     363{{{
     364notallowed.exe
     365}}}
     366The source is added to this Wiki page as
     367
     368{{{
     369notallowed.au3
     370}}}
     371
     372** Without this change your installation is vulnerable and normal users can get an elevated command prompt, so absolutely change this registry keys!!!! **
     373
    352374=== Future logons ===
    353375==== Main scheduled task will execute ====