New Desert Penguin Blog
MSFT claim to have introduced a "sudo" command for Windows:
https://devblogs.microsoft.com/commandline/introducing-sudo-for-windows/
I am obviously not smart enough to understand this.
I am trying sudo and all I am getting is a program launched with exactly the same group memberships and privileges I already have. I am also unable to find any way to configure which programs should be startable by sudo.
I noticed that when UAC is enabled and I am in the Administrators group and running a non-elevated shell, sudo appears to be doing the same as Start-Process -Verb RunAs.
(Or in Win32 terminology, basically ShellExecuteW(NULL, L"RunAs", L"C:\\Windows\\System32\\cmd.exe", NULL, NULL, SW_NORMAL);)
Is that it? What am I missing?
How is that "sudo" in any meaningful sense? And if it isn't supposed to be, why use the name of a command that very obviously does something completely different, namely do something as superuser?
Does Windows even need a "
I will be trying to write a series of blog posts about Windows privileges, in alphabetical order.
In Windows NT (and originally OpenVMS) privileges are attributes of a process that allow the process to perform privileged actions. Yes, it is very tautological*.
A process appears to get its privileges from a combination of the privileges held by the security principal (for example the user) that started it, minus privileges dropped (for example by the service control manager), plus the privileges held by any pseudo-group it might belong to (for example SERVICE if it is a service), plus the privileges injected into its access token by software designed to modify access tokens.
Privileged actions include starting threads and processes using another identity (for example a different user), reading and overwriting files regardless of permissions (a backup program would need such a privilege), setting the time and time zone, and shutting down the system.
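To see which privileges a given process actually ended up with, the following added example (not code from this blog) snapshots the current shell's token: privileges with their state, elevation, and integrity level, so that two shells can be compared. The function names and file paths are hypothetical, and it assumes an English-language Windows, because the CSV column headers printed by whoami are localized.

```powershell
# Added example: snapshot the current process token and diff two snapshots.
# Assumption: English column headers from whoami ("Privilege Name", "State", "SID").
function Get-TokenSnapshot {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]::new($identity)

    # Well-known integrity-level SIDs (unlike the label names, these are not localized).
    $levels = @{
        'S-1-16-4096'  = 'Low'
        'S-1-16-8192'  = 'Medium'
        'S-1-16-12288' = 'High'
        'S-1-16-16384' = 'System'
    }
    $label = whoami /groups /fo csv | ConvertFrom-Csv |
        Where-Object { $_.SID -and $levels.ContainsKey($_.SID) } |
        Select-Object -First 1

    # One entry per privilege present in the token, with its Enabled/Disabled state.
    $privileges = whoami /priv /fo csv | ConvertFrom-Csv |
        ForEach-Object { '{0}={1}' -f $_.'Privilege Name', $_.State } |
        Sort-Object

    [pscustomobject]@{
        User           = $identity.Name
        # False in a non-elevated shell under UAC, even for a member of Administrators.
        IsElevated     = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
        IntegrityLevel = if ($label) { $levels[$label.SID] } else { 'Unknown' }
        Privileges     = @($privileges)
    }
}

function Compare-TokenSnapshot {
    param([Parameter(Mandatory)][string]$BaselinePath,
          [Parameter(Mandatory)][string]$OtherPath)
    $a = Get-Content $BaselinePath -Raw | ConvertFrom-Json
    $b = Get-Content $OtherPath -Raw | ConvertFrom-Json
    [pscustomobject]@{
        ElevationChanged = $a.IsElevated -ne $b.IsElevated
        IntegrityLevel   = '{0} -> {1}' -f $a.IntegrityLevel, $b.IntegrityLevel
        # A privilege whose state changed shows up in both lists.
        OnlyInBaseline   = @($a.Privileges | Where-Object { $_ -notin $b.Privileges })
        OnlyInOther      = @($b.Privileges | Where-Object { $_ -notin $a.Privileges })
    }
}

# In each shell to compare (hypothetical file names):
#   Get-TokenSnapshot | ConvertTo-Json | Set-Content "$env:TEMP\token-a.json"
# Then: Compare-TokenSnapshot "$env:TEMP\token-a.json" "$env:TEMP\token-b.json"
```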
In alphabetical order the first...
A while ago I wrote a Windows service for testing permissions. Read about it and download it here.