saferun is a Swiss-army knife for privilege manipulation. The child process is executed with minimum available privileges. This is suitable for performing risky tasks, and might reduce the damage caused by running untrusted programs. This tool does NOT create a sandbox. A malicios program may still cause damage, though the impact should be greately reduced.
Priority, window visibility and integrity level can also be specified.
Optionally the Administrators
group can be removed from the new process by
stripping it or using a linked token, where it is available or removed.
Available privileges can only be enabled or disabled. Once a privilege is
removed, it can not be restored. However if a process token has ownership of the
Administrators
group, it can install a service to start a child process
restoring any privileges that had been removed: -e
-s
-S
. Since services
run with System
privileges, they can take the role of any existing process,
by duplicating its token: -t PID
. It is also possible to execute a process in
another session: -n
. Use -D
to specify a
window station and Desktop.
Console applications are usually run in the parent console. To detach the child,
and run in a new window, use -d
.
There is a hack to elevate selected programs automatically, by assigning a
debugger under Image File Execution Options
. In that case, specify the -G
flag.
Otherwise the system will attempt to execute the process indefinitely.
Users who have disabled Animate controls and elements inside windows
, might
experience poor performance in Office 2013-2016 applications. The workaround is to
enable animations, then start an Office application, and disable animations shortly
after that: -A
.
Argument | arun [arguments] |
---|---|
-p | Priority |
number 4 6 8 10 13 24 or | |
name idle = low below_normal normal above_normal high realtime | |
-w | Show window |
number 0-11 or name hide normal max min | |
-i | Integrity level |
untrusted low med = medium mediumui mediumplus | |
high system protected | |
-a | Remove Administrators group from the token: strip noadmin |
-a | Use linked token for an elevated process with UAC linked limited |
-e | Elevate the user token, this attempts to install a temporary service |
-s | Run as a service |
-S | Run as an interactive service (deprecated since Windows Vista) |
-t | Specify a process ID or name to use its token |
-n | Override session ID |
-D | Specify window station\Desktop e.g. winsta0\default winlogon screensaver |
-d | Do not attach to parent console |
-P | Specify startup directory |
-G | Start with debugging: required when injected as a debugger under |
Image File Execution Options | |
-A | Temporary enable Animate controls and elements inside windows , |
to improve scrolling performance and reduce lag in Office 2013-2016 |
saferun- e- D winlogon notepad
Notepad will not be able to modify any files or access the user directory. Many features are likely not to work.
saferun- i untrusted notepad
☂︎ Windows