Hey Deano.

Such a well thought-out and articulate request deserves immediate attention. I like your idea. Want to propose two thoughts ...

1) Would it "help" in your situation if environment variables used in the command line were "saved" unresolved (unexpanded) to the token file? Then - when the token file is executed - the environment variable is resolved "at runtime". The user may be able to "spoof" the late-bound environment variable though.

2) I love your idea of breaking out the command line into separate arguments, then allowing one to override SOME aspects of it ... like you suggested, how about something like:

runnas /user:joe /pass:xxx /exe:notepad.exe /path:c:\windows\system32 /args:file.txt

then, you tokenize it, and then can override the following:

runnas notepad.tok /path:%logonserver% /args:file2.txt

Plus - I would like to get the opinions of the "security experts" on the board here - to give their thoughts. But other than that - I think it's a go.
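To make the two proposals above concrete, here is an added example (not code from the thread or from any actual runas tool) that models the scheme in Python: the `/key:value` command line is tokenized and stored unexpanded, only a whitelisted subset of fields (assumed here to be `path` and `args`) may be overridden when the token file is launched, and `%VAR%` references are resolved late from whatever environment mapping is handed in. The `late_bound_fields` helper reports which fields still depend on the environment at launch time, which is exactly where the spoofing concern from point 1 lives: a `/path:%logonserver%` override resolves to whatever the launching environment says it is. The field names, the override whitelist and the sample values are assumptions for illustration.

```python
"""Model of the proposed 'runnas' token-file scheme (added example, not the
tool's own code). Field names and the override whitelist are assumptions."""
import re

# Assumption: only these fields may be changed when a token file is launched;
# user, pass and exe stay locked to what was saved.
OVERRIDABLE = {"path", "args"}

# Matches a %NAME% environment reference, as cmd.exe would expand it.
ENV_REF = re.compile(r"%([A-Za-z_][A-Za-z0-9_]*)%")


def tokenize(argv):
    """Split ['/user:joe', '/exe:notepad.exe', ...] into a dict of fields.

    Values are kept verbatim (unexpanded), so a %VAR% reference survives into
    the token file instead of being baked in at save time."""
    tokens = {}
    for arg in argv:
        if not arg.startswith("/") or ":" not in arg:
            raise ValueError(f"expected /key:value, got {arg!r}")
        key, _, value = arg[1:].partition(":")
        tokens[key.lower()] = value
    return tokens


def apply_overrides(saved, overrides):
    """Merge launch-time overrides into the saved tokens.

    Returns (merged, rejected): fields outside OVERRIDABLE are ignored and
    listed in `rejected` so the caller can see what was refused."""
    merged = dict(saved)
    rejected = []
    for key, value in overrides.items():
        if key.lower() in OVERRIDABLE:
            merged[key.lower()] = value
        else:
            rejected.append(key.lower())
    return merged, rejected


def late_bound_fields(tokens):
    """Report which fields still contain %VAR% references, i.e. will be
    resolved from the launching environment rather than the token file."""
    return {k: ENV_REF.findall(v) for k, v in tokens.items() if ENV_REF.search(v)}


def resolve(tokens, env):
    """Late-bind every %VAR% using `env` (case-insensitive, like Windows).

    An undefined variable raises rather than being left literal, so the tool
    never silently launches a command built from an unexpanded reference."""
    lookup = {k.lower(): v for k, v in env.items()}

    def substitute(match):
        name = match.group(1).lower()
        if name not in lookup:
            raise KeyError(f"environment variable {match.group(0)} is not defined")
        return lookup[name]

    return {k: ENV_REF.sub(substitute, v) for k, v in tokens.items()}


def build_command(tokens):
    """Join path, exe and args into the command line that would be launched."""
    command = tokens["path"].rstrip("\\") + "\\" + tokens["exe"]
    if tokens.get("args"):
        command += " " + tokens["args"]
    return command


if __name__ == "__main__":
    # Constructed sample mirroring the command lines in the post.
    saved = tokenize(["/user:joe", "/pass:xxx", "/exe:notepad.exe",
                      "/path:c:\\windows\\system32", "/args:file.txt"])
    print("saved:", build_command(saved))

    merged, rejected = apply_overrides(saved, {"path": "%logonserver%",
                                               "args": "file2.txt",
                                               "exe": "other.exe"})
    print("rejected overrides:", rejected)           # ['exe']
    print("late-bound fields:", late_bound_fields(merged))  # {'path': ['logonserver']}

    # Two different launching environments give two different commands;
    # this is the late-binding risk point 1 warns about.
    for env in ({"LOGONSERVER": "\\\\DC01"}, {"LOGONSERVER": "\\\\some-other-host"}):
        print("resolved under", env, "->", build_command(resolve(merged, env)))
```

The useful defensive detail is `late_bound_fields`: a launcher that implements point 1 can refuse, or at least log, any locked field whose value still carries a `%VAR%` reference, since that field's effective value is then decided by whoever controls the environment at launch rather than by whoever saved the token file.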