# saferun ### Execute a command in restricted security context #### Description saferun is a Swiss-army knife for privilege manipulation. The child process is executed with minimum available privileges. This is suitable for performing risky tasks, and might reduce the damage caused by running untrusted programs. This tool does NOT create a sandbox. A malicios program may still cause damage, though the impact should be greately reduced. Priority, window visibility and integrity level can also be specified. Optionally the `Administrators` group can be removed from the new process by stripping it or using a linked token, where it is available or removed. Available privileges can only be enabled or disabled. Once a privilege is removed, it can not be restored. However if a process token has ownership of the `Administrators` group, it can install a service to start a child process restoring any privileges that had been removed: `-e` `-s` `-S`. Since services run with `System` privileges, they can take the role of any existing process, by duplicating its token: `-t PID`. It is also possible to execute a process in another session: `-n `. Use `-D` to specify a window station and Desktop. Console applications are usually run in the parent console. To detach the child, and run in a new window, use `-d`. There is a hack to elevate selected programs automatically, by assigning a debugger under `Image File Execution Options`. In that case, specify the `-G` flag. Otherwise the system will attempt to execute the process indefinitely. Users who have disabled `Animate controls and elements inside windows`, might experience poor performance in Office 2013-2016 applications. The workaround is to enable animations, then start an Office application, and disable animations shortly after that: `-A`. #### Command line options | Argument | `arun [arguments] [parameters]` | | :------- | :---------------------------------------- | | `-p` | Priority | | | number `4` `6` `8` `10` `13` `24` or | | | name `idle` = `low` `below_normal` `normal` `above_normal` `high` `realtime` | | | | | `-w` | Show window | | | number `0-11` or name `hide` `normal` `max` `min` | | | | | `-i` | Integrity level | | | `untrusted` `low` `med` = `medium` `mediumui` `mediumplus` | | | `high` `system` `protected` | | | | | `-a` | Remove `Administrators` group from the token: `strip` `noadmin` | | `-a` | Use linked token for an elevated process with UAC `linked` `limited` | | `-e` | Elevate the user token, this attempts to install a temporary service | | `-s` | Run as a service | | `-S` | Run as an interactive service (deprecated since Windows Vista) | | `-t` | Specify a process ID or name to use its token | | `-n` | Override session ID | | `-D` | Specify `window station\Desktop` e.g. `winsta0\default` `winlogon` `screensaver` | | `-d` | Do not attach to parent console | | `-P` | Specify startup directory | | `-G` | Start with debugging: required when injected as a debugger under | | | `Image File Execution Options` | | | | | `-A` | Temporary enable `Animate controls and elements inside windows`, | | | to improve scrolling performance and reduce lag in Office 2013-2016 | ###### Example: Run Notepad on the login screen ```powershell saferun -e -D winlogon notepad ``` ###### Example: Run Notepad with untrusted integrity Notepad will not be able to modify any files or access the user directory. Many features are likely not to work. ```powershell saferun -i untrusted notepad ``` #### Supported Platforms ☂︎ Windows #### [Prerequisites and build instructions](../../../lib.git#Prerequisites) #### © 2012-2023 Georgi Valkov https://httpstorm.com/download/windows/saferun/