Is there a way to create a user in the new Windows 10 implementation of bash so that I'm not running it as root, without having to create a different user account in the Windows 10 system? I want to use Windows as an administrator with my normal user account but when I launch bash I want it to launch into an account other than the default account, which I'm guessing is automatically root (in the Linux subsystem) since it's the administrator account (in the Windows system).
WSL is specially designed not to compromise the normal Windows security, and it is (currently) "client-only". Thus, the "root" inside a WSL session is just simulation to make things look more real for stuff you run in the "Linux" environment. From the Windows point of view, root in WSL is the same user which launched the WSL. If this user is an elevated admin, the WSL programs are too.
For details, see the few available Channel9 videos and WSL blog.
To the original question - how to "drop" admin privileges for running WSL, see for example here.
When you install Bash on Windows the first time, you are prompted to create a (non-root) Linux account. When you start bash.exe, that is the account you are automatically logged in as.
Related
Using PSEXEC and to run a VBS as LocalSystem account, to let the script run with admin rights.
VB script called prompts and GUIs are not visible if a person is connected to the computer via RDP.
You can see the script or GUI as a running process in task manager, but it is not visible.
Windows Security setting preventing this? Limitation of RDP?
Your script is running in an invisible desktop so you cannot run a denial of service attack on the interactive user of the physical computer.
This is normal.
State what your goal is rather than why your solution to an unknown problem doesn't work.
It doesn't matter your intentions.
This question is better suited to https://serverfault.com as you are trying to administer a network by programming rather than how it's designed to be administered.
Normally one uses logon scripts or group policy to set the RunOnce key.
I'm trying to automate a task using powershell and I need the computer to restart multiple times. I'm doing this by scheduling a job that runs at startup that executes different scripts, and after that I use Restart-Computer to reboot the pc.
My problem is that I want it to be completely autonomous, but right now I need to input username and password at startup to access my profile. I know that if there is a single user on the machine and if it doesn't have a password it gets logged in automatically, but there are two users on the machine. Is there a way to automatically login after a reboot to a pre-selected windows account with powershell? Thanks
EDIT: I also have to execute programs that have a GUI, so I need authentication anyways.
On a Surface Pro 3 with Win8.1, already have VirtualBox 5.0.6 installed (works fine with Linux images), just installed Genymotion 2.5.4.
Every time I try to start Genymotion, it asks for admin privileges to invoke something on VirtualBox. Why does this need admin? Any way to avoid this?
According to Unable to create Genymotion Virtual Device a number of people think it shouldn't and I can't find any reference on Genymotion's website that they need admin.
The admin privilege appears when Genymotion creates or configure network interfaces though VirtualBox. This network configuration is unfortunately mandatory for the software to work correctly.
The last changes on Windows and VBox obliges us to do it more frequently so that's the reason why you see it each time you start the program.
I encountered this problem with my non privileged user accounts using Windows 10. When Genymotion runs for the first time as the current user, it will create a virtual interface if it does not see one defined in the users profile. If your account has Administrator privileges, it will create the interface without issue. As a non privileged user, you will get prompted for admin credentials so that a new virtual interface can be created and defined.
My workaround was to run Genymotion with an account that has administrator privileges so that the virtual interface is defined and the Genymotion interface starts up. After that, I preserve the following directories in:
C:\Users\%USERNAME%.VirtualBox and
C:\Users\%USERNAME%\AppData\Local\VirtualStore
When I have a new user that needs to run Genymotion, I have them run a script that restores these directories to their profile. They can then run Genymotion without needing Admin credentials.
I setup virtual servers with Windows Server 2008/2012. I want to automate the password setting process for the windows guest.
My script would run like:
bash setupwindows.sh <kvmid> <password>
Then setupwindows.sh would mount the LVM, place the powershell script into the autostart directory and start the server.
I can change the password over windows cmd with
net user Administrator password
My question is: in which directory at the windows guest i need to place the powershell script to get it started on boot, without an user to be logged in?
I think the problem here is that you're approaching this with a linux/Bash style approach, which can lead you around in circles big time when trying this in Windows, as the two platforms have inherent differences.
If you want to set your password at build time, and your machine is on a domain, then use Group Policy to set the default Admin Password using the setting found under Computer Configuration -> Expand Preferences -> Control Panel -> Local Users and Groups -> New - Local User -> Select Update as the action -> type Administrator into the User name text box.
If you're not on a domain, then the best tool to use is the Windows System Image Manager, which comes as part of the Windows Automated Install Kit. You use this to open up a Windows Install Image (.wim) and select the accompanying unattend.xml which is used to automate the Windows Install.
The value you want to change using SIM will be found under : Microsoft-Windows-Shell-Setup | UserAccounts | AdministratorPassword
Here you can set the default admin password to whatever you wish.
You could do this with a script, using the net use syntax, but the problem there is triggering the script to run. In my opinion, these two methods here represent the best approach to solving this problem.
How can I start an application to run as guest or to run with limited privileges under Windows 7?
The current user is an admin and I want to test the behaviour of the application while running with less rights.
I already know that it has some issues on other systems but I want to run it on my computer/account to debug it.
Hold shift key and right-click executable and select "Run as different user".
Apologies if your question was seeking a programmatic solution.