su.cpp
	UNIX-like Substitute User for Windows NT

Usage:
	su [username [command-line]]
	where:
		username is the user to be impersonated. Default is Administrator.
		command-line is the command to be executed, with parameters. Default is CMD (Console)

Authors:
	David Wihl (wihl@shore.net)
	Steffen Krause (skrause@informatik.hu-berlin.de)
	
Revision History:
03-JUL-1995. Initial public release

Design:
	Impersonating a user on Windows NT is a three step process:
	1-	Logon the user to create a Security identifier
	2-	Enabling access to the Windows Station so the newly logged on user
		can interact. This is necessary even if the Administrator is logging on.
	3-	Creating a process using the Security identifier

	Different privileges are required for steps (1) and (3). Logging on a user
	(LogonUser()) requires the SeTcbPrivilege. Creating a process as another user
	CreateProcessAsUser()) requires SeAssignPrimary and SeIncreaseQuota privileges.
	To grant these privileges, see the Installation Section.

	These two Security API calls were only stablized in NT 3.51, build 1057. SU will
	not work with earlier versions.

	In NT, there is no direct equivalent of UNIX's rwsr-xr-x file permission.

Restrictions and Limitations:
	- Quotes (") in the command line are not passed correctly.
	- There is no logging of failed or successful usage. A future may incorporate
	  writing to the Event Log.
	
Installation:
	The easiest way to selectively grant the three privileges required to use this
	program is:

	1-	Start the User Manager (MUSRMGR)
	2-	Create a new group (e.g. "SU Users")
	3-	Add the three privileges to the group (via Policies\User Rights):
			"Act as part of the operating system"	- SeTcbPrivilege
			"Increase quotas" 			- SeIncreaseQuota
			"Replace a process level token"		- SeAssignPrimary
		
		NOTE: The three privileges will only be visible if you check 
		"Show Advanced User Rights" in the dialog box.
	4-	Add the desired users to the new group (via User\Properties\Group)

	This program was compiled under Visual C++ 2.1.

For more information about Porting from UNIX to NT check out the FAQ:
http://www.shore.net/~wihl/unix2nt.html
