Description
ProfileUnity allows non Administrators to launch programs with elevated privileges. To test this function follow these steps.
Step 1) Add elevation rule to your configuration:
- Filter: No Filter - Apply this to all
Type: Application
Action: Allow
Match: Contains
Value: C:\Windows\System32\cmd.exe
Save and update your ini in netlogon\profileunity share.
Step 2) Open c:\windows\system32\cmd.exe
a) If elevation is working the cmd prompt will open and close and will be showing "Administrator" in the window (look screenshot)
b) If elevation is not working the cmd will not display "Administrator" (look screenshot)
Example:
c) When elevating specific application it is more secure to user SHA256 as a "Match" this will be more secure than "Path" or "Contains"
Here are the steps how to generate a hash from a file:
- The main Power Shell command is get-filehash FILEPATH, e.g. get-filehash c:\test.txt.
- Get-FileHash uses the Sha256 algorithm by default.
- You may specify a different algorithm instead using the -Algorithm parameter.
- Supported are: SHA1, SHA256, SHA384, SHA512, MACTripleDES, MD5, RIPEMD160
- Note that MD5 and SHA1 are not considered secure anymore but are still supported.
- So, to generate a Sha512 hash you would use the command get-filehash -Algorithm Sha512 c:\test.txt.
Product: ProfileUnity
Product Version: 6.x and newer