Using the Secondary Logon Service and RunAs
The examples throughout this chapter show local administrators going about their daily work while logged on using their Administrative accounts. This is generally not a good practice. Quite a few bad things can happen when logged on with full admin permissions. Viruses can get activated and make sweeping changes. Innocent mistakes can cause serious damage. Leaving your workstation open gives access to nefarious users. The list goes on and on.
Windows Server 2003 comes with a Secondary Logon Service (SLS) that makes it possible to log on as a standard user and then launch applications with alternative credentials to perform administrative tasks. This is philosophically similar to the su (superuser) command ...
Get Inside Windows® Server 2003 now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
