SUperior SU
Welcome to the SUperior SU page! SUperior SU is a utility for Windows NT (versions 3.51 and 4), Windows 2000, Windows XP and Windows 2003 Server, that is not only a traditional SU utility but also a powerful desktop switcher utility that allows for running multiple shells on different desktops on behalf of different users. Smell the Unix-like power of a quasi-multisession environment on a Windows NT-based Workstation or Server and download and install SUperior SU!
     If you are new to SUperior SU, just read on. Long-time SUperior SU users will probably want to study the at-a-glance list of things that are new with version 2. For all users, especially those who experience any sort of trouble with SUperior SU or who have questions, the FAQ page might be worthwhile to read. For those who like to see a few screenshots, the screenshot page is the place to go.
     For the sake of completeness, here is the history and credits page of SUperior SU (improvements for version 2 are not listed there explicitly, therefore a separate version 2 feature list is available).


Download version 2 (version 2.0.0.6) installation package.
Use this installation package for an interactive installation on your computer like you would do with any other program.
Download SUperior SU 2.0.0.6 built on 07/24/2004
Downloads thus far: 11185
Size: 2927886 bytes
MD5 Checksum: 69a1b3d486887563804a131cd5f59a2c

Download version 2 (version 2.0.0.6) Remote Console Installer package
Use this installation package in order to deploy SUperior SU across the network remotely onto any number of computers simultaneously.
Download SUperior SU 2.0.0.6 Remote Console Installer built on 07/24/2004
Downloads thus far: 8479
Size: 3640154 bytes
MD5 Checksum: e049dce11d0af12298d738f3be676aa0

For a list of patches that are available for SUperior SU version 2, please take a look at the official Patches page.

Before you install a patch you must have the above version 2.0.0.6 installed, as the patches contain only modules that have changed since this version.

The latest patch available is version 2.0.0.19 as of September 4th, 2005.




...or if you are archaeologically (software-wise) inclined, download the latest 1.x version (version 1.1.0.0) which fixes quite a few bugs of version 1.0.0.9:
Download SUperior SU 1.1.0.0 built on 03/27/2002
Downloads thus far: 15146
Size: 1747183 bytes
MD5 Checksum: c45db3a70b3eb939d77ddef9b2579cd4

... or if you cannot refrain from doing so, here you can even download the previous version (version 1.0.0.9), phew!
Download SUperior SU 1.0.0.9 built on 05/27/2000
Downloads thus far: 5963
Size: 1740095 bytes
MD5 Checksum: 381e093a4310c42b370aa7f09ff6e153



What the hell is this "Desktop Switcher" thingie?


When you log in to your Windows NT, 2000 or XP computer by providing your user name and password (aka the "credentials"), a system component (the winlogon.exe process) creates a so-called "desktop" for you that acts as the surface for your user shell, the taskbar, and all windows you create by starting programs. For every logged-in user, Windows creates this single desktop, which has the name "default" and is therefore often called the "default desktop". SUperior SU and its desktop switcher can create additional desktops for you, and on each desktop that is created, a new taskbar, a desktop background with links on it, etc. are created. The really cool thing is that every desktop runs in the context of a user whose user name and password you provide prior to creation of the desktop. This way it is easily possible to be logged in simultaneously as a number of different users and to switch between these users' desktops with the press of a hotkey or a few mouse clicks. One possible usage scenario might, for instance, be that you are logged in on the default desktop as a local administrator (because you have work to do that requires administrative privileges) and that you then start a second desktop that runs under the auspices of a non-privileged user. On that desktop you can then safely surf the web or do other things that might do harm when running as a privileged user. By pressing keyboard shortcuts you can switch between these desktops almost instantly. Of course, completely opposite or different usage scenarios are possible; SUperior SU will not force you to follow a certain usage pattern. SUperior SU's desktop switcher itself resides in the system tray and can be used via a context menu or keyboard shortcuts.


What is a "SU utility"?


SU is an acronym that stands for "Switch User". It is named after the SU utility from the Unix family of operating systems, which provides the ability to start a process running as an arbitrary user (provided you know the user's credentials) without having to log off the currently logged on interactive user. The SUperior SU utility can be used either from the command line or from Explorer's or a desktop shortcut's context menu. SUperior SU's command line su utility was designed to emulate as closely as possible the features and possibilities of the SU utility that comes with the Windows NT Resource Kit while improving it where appropriate. This means: The SUperior SU utility's command line interface, password redirection and environment variable options are the same as the Resource Kit's su utility's, while SUperior SU provides the following improvements:
 
    Full integration into the shell of Windows NT4 and Windows 2000: If you right-click on a file name in Explorer or on a shortcut on your desktop, you are provided with a shell context menu with the "Run As User..." or "Open As User" menu items, which will invoke SUperior SU.
 
    The full set of environment variables of the user is provided by SUperior SU. This means that all environment variables such as %COMPUTERNAME%, %HOMEDRIVE%, %HOMEPATH%, %USERPROFILE%, %LOGONSERVER% and all individual environment variables, such as the user's %PATH% or %TEMP% variables, are present, as if the impersonated user had logged on interactively. Even the autoexec.bat file is scanned correctly, if present, for building the %PATH% environment variable.
 
    Fully configurable by an administrator through a control panel applet.
 
    No need for the user to have certain privileges enabled, because authentication is done by the SUperior SU service. If you prefer the user not to be authenticated by the SUperior SU service you can as well use the traditional approach and let the user authenticate with the appropriate privileges required.
 
    SUperior SU comes with a powerful desktop switcher utility that can start shells on a different desktop on behalf of another user. An icon in the system tray area lets you easily switch these desktops. This feature can be configured and optionally be disabled by an administrator with the SUperior SU control panel applet.
 
    The desktop switcher fully supports logging on to a domain even with roaming profiles. SUperior SU even tries to connect to the home directory of the user if specified and if the required drive letter is available.
 
    Comprehensive help file and tool tips support.
 
    Start menu entries for the most important system management utilities like regedit, regedt32, the Disk Administrator, all control panel applets and much more. No need to open a console window to run SUperior SU, the most common tasks can be done from the start menu.
     


Why I wrote this cool program...


...simply because I stumbled across the API calls "LogonUser" and "CreateProcessAsUser", ... really, that's the truth! I am not kidding! I experimented a bit with these calls and finally had the idea of rewriting the su utility that Microsoft ships with the Windows NT Server Resource Kit (and for which they charge you money), written by Scott Field. My primary goal was to keep it 100% compatible with Scott Field's SU, because I thought that an administrator who uses the Microsoft su utility would only use mine if it were fully compatible, so that no scripts or batch jobs would have to be rewritten, and if my su utility provided significant advantages over the Microsoft su.
     When I was already in the beta phase with my su utility, a coworker stated that there is a utility called "NTsu", written by Alberto Aragonés, which provides multiple shells on different desktops. The NTsu version I tried was Version 1.0 Beta and I was really astonished how such a powerful utility can be done in an executable of only 33kB. NTsu actually is not a real SU utility, because it starts complete shells on new desktops and there is no way to specify the way new processes should be started like with Scott Field's SU, but it is a great piece of software that I still don't know how to implement in such a small executable. Unfortunately, NTsu is not free anymore. So the second goal became making my su utility as powerful and easy to use as NTsu, which I hope it is now ... and to keep it free!
 


What was technically challenging in writing this program?


To tell the truth: almost everything. First: I never did any project of similar complexity before. Second: The area I was working on (Windows NT security) turned out to be something obscure that very few people ever dealt with. Writing an application that calls LogonUser and CreateProcessAsUser is pretty simple, a work of a few days. But when I discovered that Scott Field's latest SU utility does not need any privileges for the user to successfully run his su utility, I decided that mine would have to work the same way, while still providing the traditional approach (for those who want it) with the privileges "Act as part of the operating system", "Increase Quotas", "Replace a process level token" and "Restore files and directories" required for the user.
     Supporting both modes of operation was a big challenge. The original method lets su.exe make the calls to LogonUser and CreateProcessAsUser, which will only succeed if the user running su.exe has the required privileges. The approach that doesn't require privileges lets su.exe send the user credentials along with other parameters via some sort of IPC to a service (in Unix terms a daemon) which does all the hard work of calling the respective API calls mentioned above. While this approach makes it easy for an administrator to deploy su, because no special privileges have to be granted to individual users or user groups (because the service has them by default, because it is running in the "localsystem" account), it could leave a potential security hole, because it enables literally every user to run su and misuse it for guessing passwords. Such a potential "brute force attack" can be narrowed down to only those users with the required privileges if the traditional approach is used.
     Another reason why I wanted to support both methods is that the trick with the service starting the new process doesn't run well in a Windows NT4 terminal services environment, because a service on a Windows NT4 Terminal Server always runs in the console session and so do the processes that a service starts. That meant: a user on a Windows NT4 Terminal Services client could start processes that would only be visible on the console but not in the user's session. That's why I wanted to support both modes of operation. Forget about all that mess with a Windows 2000 server: Windows 2000 Server provides processes with the ability to switch the session id and thus SUperior SU runs completely transparently in a Windows 2000 Terminal Services environment, as if it were running on a Workstation or a Server's console session.
     The next challenge was to provide the same functionality as Alberto Aragonés' NTsu (which was of great help for me during development). Apologies to all who complained about the long beta phase of SUperior SU version 1: This functionality, although it seems pretty easy once basic functionality works, is the main reason for the delay: Different behaviour on Windows NT4 (main development environment) and Windows NT3.51 and several bugs in Windows NT4 SP3 and Windows 2000 Beta 3 were of major influence, aside from architectural mistakes I made back then in 2000.
     Version 2 had the aim of bringing SUperior SU into the technical state-of-the-art of the year 2003. In autumn of 2002, a new sort of attack on applications that show privileged UI surfaced, so-called "shatter attacks". Therefore the main goal was to redesign the UI and its relation to privileged code in such a way that the UI itself runs non-privileged. Although I never heard of a successful attack on SUperior SU version 1, I thought it would be best to provide a new version that has no attack surface whatsoever to "shatter attacks". Also, at some places in the version 1 code base, NULL DACLs were used instead of strong DACLs. Such NULL DACLs allow an attacker to mount at least a DoS attack against any software that uses them. One of the final goals for version 2 was to provide the ability to password-protect individual desktops and to have individual desktops closed automatically as soon as the user logs out from the default desktop. This idea was borrowed from the features of a competing product, NetExec. But the real cream of the crop in version 2 is its ability to be deployed across the network on other computers using the SUperior SU Remote Console Installer. This often-requested feature is probably the most sophisticated feature of version 2.
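
The difference between a NULL DACL and a strong DACL mentioned above is visible in the stored (self-relative) form of a security descriptor, which makes it auditable. The following is an added example, not code from SUperior SU: a portable C classifier for such descriptors, in which the function names and the three sample descriptors are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SE_DACL_PRESENT  0x0004u   /* Control bits, as defined in winnt.h */
#define SE_SELF_RELATIVE 0x8000u
enum dacl_kind { DACL_MALFORMED = -1, DACL_ABSENT, DACL_NULL, DACL_EMPTY, DACL_POPULATED };

/* Constructed samples: 20-byte header (Revision, Sbz1, Control, four offsets), then the ACL. */
static const uint8_t SD_NULL_DACL[20] = { 1, 0, 0x04, 0x80 };          /* OffsetDacl = 0 */
static const uint8_t SD_EMPTY_DACL[28] = { 1, 0, 0x04, 0x80, 0,0,0,0, 0,0,0,0, 0,0,0,0,
    20,0,0,0,  2,0, 8,0, 0,0, 0,0 };                                   /* AceCount = 0 */
static const uint8_t SD_SYSTEM_ONLY[48] = { 1, 0, 0x04, 0x80, 0,0,0,0, 0,0,0,0, 0,0,0,0,
    20,0,0,0,  2,0, 28,0, 1,0, 0,0,                                    /* ACL header, one ACE */
    0,0, 20,0, 0,0,0,0x10,  1,1, 0,0,0,0,0,5, 18,0,0,0 };  /* allow GENERIC_ALL to S-1-5-18 */

static uint32_t rd_le(const uint8_t *p, int n)   /* little-endian read of n bytes */
{
    uint32_t v = 0;
    while (n-- > 0) v = (v << 8) | p[n];
    return v;
}

/* Classify the DACL of a self-relative security descriptor of len bytes. */
enum dacl_kind classify_dacl(const uint8_t *sd, size_t len)
{
    if (sd == NULL || len < 20 || sd[0] != 1) return DACL_MALFORMED;
    uint32_t control = rd_le(sd + 2, 2), off = rd_le(sd + 16, 4);
    if (!(control & SE_SELF_RELATIVE)) return DACL_MALFORMED;
    if (!(control & SE_DACL_PRESENT)) return DACL_ABSENT;  /* no DACL: everyone has full access */
    if (off == 0) return DACL_NULL;  /* as set by SetSecurityDescriptorDacl(&sd, TRUE, NULL, FALSE) */
    if (off < 20 || off > len - 8) return DACL_MALFORMED;  /* 8-byte ACL header must fit */
    uint32_t acl_size = rd_le(sd + off + 2, 2), aces = rd_le(sd + off + 4, 2);
    if (acl_size < 8 + 4 * aces || acl_size > len - off) return DACL_MALFORMED;
    return aces == 0 ? DACL_EMPTY : DACL_POPULATED;        /* empty DACL: nobody has access */
}

/* Non-zero when the descriptor places no access restriction on the object. */
int dacl_is_unrestricted(enum dacl_kind k) { return k == DACL_ABSENT || k == DACL_NULL; }

int main(void)
{
    printf("NULL DACL: %d, empty DACL: %d, SYSTEM-only DACL: %d\n",
           classify_dacl(SD_NULL_DACL, sizeof SD_NULL_DACL),
           classify_dacl(SD_EMPTY_DACL, sizeof SD_EMPTY_DACL),
           classify_dacl(SD_SYSTEM_ONLY, sizeof SD_SYSTEM_ONLY));
    return 0;
}
```

A populated DACL is only the precondition for a strong one; the individual ACEs still have to be reviewed for overly broad trustees and access masks.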
 
Last Updated on Sunday, 04 September 2005 20:42