CPAU能够在win命令行并使用网络凭据与本地凭据来实现在普通用户下执行超级管理员权限,支持各种自定义命令和简化的操作。它相比电脑自带的runas来说更加强大。

cpau官方网站:https://www.joeware.net/freetools/tools/cpau/index.htm
cpau下载地址:CPAU.zip

cpau开发者是这样描述它的:

用于备用启动进程的命令行工具。工作原理就是一个运行的替换。除此之外还允许在windows创建任务文件并在任务文件中对 ID、密码和命令行进行编码,以便 普通用户可以使用管理员权限执行任务。

cpau支持的系统:win2000、win2003、winxp。尽管作者没有提及更新的操作系统,但是经过实测在win7、win10、win11都能运行。

cpau命令行:

CPAU V01.11.00cpp Joe Richards (joe@joeware.net) November 2005

Usage:
 CPAU -u user [-p password] -ex "WhatToRun" [switches]

   user       User to log on as. Ex: user or domain\user
   password   User's password
   WhatToRun  What to execute

  Switches: (designated by - or /)
   -profile   Do local logon with profile instead of net logon
   -localwithprofile Alias for -profile
   -lwp       Alias for -profile
   -localwithoutprofile  Local logon but do not load profile.
   -lwop      Alias for -localwithoutprofile
   -k         Prefix command with cmd /k to leave window open
   -c         Prefix command with cmd /c to close window after exec.
   -pipepwd   Special method allows you to pipe password in
   -enc       Encrypt a job file for later user
   -dec       Use an ecrypted job file
   -file      Specify job file to execute or create
   -wait      Wait for process completion before returning.
   -outprocexit Used with -wait, the errorlevel variable has the
              exit code of the spawned process instead of cpau.
   -cwd x     Start at working directory x.
   -hide      Start the new process in a hidden state.
   -title x   Allow you specify title of command prompt windows.
   -crc file[,file,file]   This option allows you to encode
              CRC info for files in the job file. When decoded
              the CRC have to match or the program bombs. Note that
              it will not chase paths looking for the file, you must
              specify the exact path.
   -nowarn    Don't output warning about network logon.

  Ex1:
    cpau -u joehome\joe -p logon -ex "perl cleanup.pl" -lwp
      Runs perl script cleanup.pl as joehomejoe

  Ex2:
    cpau -u joehome\joe -p logon -ex "perl cleanup.pl" -enc -file cleanup.job
      Creates job file called cleanup.job to run perl script cleanup.pl as joehomejoe

  Ex3:
    cpau -dec -file cleanup.job -lwp
      Execute job file cleanup.job

  Ex4:
    cpau -u joehome\joe -p logon -ex "perl cleanup.pl" -wait -lwp
      Runs perl script cleanup.pl as joehomejoe and waits for process to end

  Ex5:
    cpau -u joe -p logon -ex notepad.exe -lwp
      Runs notepad as user joe

  Ex6:
    cpau -u joehome\joe -p logon -ex logonscript.cmd -lwp
      Runs logon script in current directory as user joe (see note below)

  Ex7:
    cpau -u joehome\joe -p logon -ex logonscript.cmd -lwp -cwd c:\temp
      Runs logon script in/from c:\temp as user joe (see note below)

  Ex8:
    cpau -u joe -p logon -ex logonscript.cmd -enc -file logon.job -crc logonscript.cmd
      Encodes logon.job file and CRC protects the batch file


Notes:
  I had to add some protection to this app. It seems people were running this with
  a networked drive for the current working directory. Microsoft prevents cross-
  security context access of network drives on purpose, this causes CPAU
  to not be able to fire the process up. To correct for that, if CPAU realizes
  your current working directory is a network drive it will change the CWD to the
  default local path (usually c:\windows\system32). To override this functionality
  you must specify the CWD option, note that if you set it to a network
  drive you most likely will not function properly. Also note that this is
  not a bug in CPAU, this is purposeful functionality from MS. You can see this
  out of anything that changes your local security context.

  If you are using this for a logon script or something else where
  you need the permissions to take affect locally, you need to specify the
  -lwp (or -profile) switch. By default the process spawned has the current
  user's security context locally and the new security context remotely. Also
  keep in mind the note above concerning network drives, logon scripts run from
  network drives, you will need to set the CWD to a local machine
  (c:\temp maybe) and copy whatever files are necessary locally and then run cpau.

  As of Version 1.08.00 I have added the ability to insert environment variables
  into the job file. Normally env vars get converted into their values
  on the machine encoding the job file, I have made it so you can escape
  these so they will get decoded on the machine that runs the job file.
  To do this, on the command line when building the job file specify the
  environment variable like {%{env-var}%} instead of like %env-var%. So
  for instance if you wanted SystemRoot you would specify {%{SystemRoot}%}.
  This only works for items that are part of the -EX parameter.

  As of Version 1.08.00 I have also added additional protection around the CRC
  option. When you add CRC files to the job file, cpau will mark the file in
  such a way that no version prior to 1.08.00 will be able to use the job file.
  This is to prevent someone from taking a 1.08.00 or better job file with CRCs
  and use an older version of CPAU to avoid the CRCs.

  As of Version 1.08.00 I have also added the feature to display the encoded
  information when creating the job file. This should help reduce the questions
  I am getting on why a certain job file doesn't work. Often what people specify
  isn't encoded in the way they think, especially around env vars.

  As of Version 1.11.00 the -lwop option was added which allows a local logon without
  loading the user's profile. This may cause odd responses in some programs. If
  you experience issues, use -lwp to load the user's profile to see if that works.

  As of Version 1.11.00 I am specifically disallowing use from LocalSystem. This is
  something that works on older OS versions but doesn't work on XP SP2 and K3 and
  the inconsistency was causing a lot of support issues. The primary intent of this
  application is to allow interactive logons to switch security context for specific
  processes, not crutch unattended applications working for web apps and from the
  task scheduler.


 This software is Freeware. Use it as you wish at your own risk.
 If you have improvement ideas, bugs, or just wish to say Hi, I
 receive email 24x7 and read it in a semi-regular timeframe.
 You can usually find me at joe@joeware.net

添加新评论