Security Basics mailing list archives

RE: preventing run-as option

From: "Lariviere, Stephen" <Stephen.Lariviere () CITIZENSBANK com>
Date: Tue, 10 Oct 2006 12:54:42 -0400

There are two ways to disable the 'runAs' option for a Windows server:

1. Shut off the Windows service named 'Secondary Logon Service'. You can
do this locally on the server if applicable or via a GPO under 'allowed
services'.

2. Institute a software restriction via GPO to restrict access to
C:\windows\system32\runas.exe.


Hope this helps.



-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Dubber, Drew B
Sent: Monday, October 09, 2006 8:00 AM
To: vijay shetti; security-basics () securityfocus com
Subject: RE: preventing run-as option

Haven't seen a response... have a look at
http://www.petri.co.il/disable_runas.htm

Also set an ACL on the RUNAS.EXE command to allow admins/system only if
you really don't want people to use it :)

Cheers
Drew 

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of vijay shetti
Sent: 06 October 2006 08:16
To: security-basics () securityfocus com
Subject: preventing run-as option

hello all!!!

In my company we have domain based environment...In our proxy access
permissions are given based on the name of the user and only few users
are given rights to view a set of sites like email sites...

For example employee A is given the permission and B does not have
that.What B does is that he runs Internet explorer using run-as option
and gives A's credentials...This way he is able to surf websites that
he is not given permission to.

Is there any option using which I can disable run-as option...


regards,
Vijay....

------------------------------------------------------------------------
---
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic
Excellence 
in Information Security. Our program offers unparalleled Infosec
management 
education and the case study affords you unmatched consulting
experience. 
Using interactive e-Learning technology, you can earn this esteemed
degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
------------------------------------------------------------------------
---


------------------------------------------------------------------------
---
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic
Excellence 
in Information Security. Our program offers unparalleled Infosec
management 
education and the case study affords you unmatched consulting
experience. 
Using interactive e-Learning technology, you can earn this esteemed
degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
------------------------------------------------------------------------
---


-----------------------------------------
Use of email is inherently insecure. Confidential information,
including account information, and personally identifiable
information, should not be transmitted via email, or email
attachment.  In no event shall Citizens or any of its affiliates
accept any responsibility for the loss, use or misuse of any
information including confidential information, which is sent to
Citizens or its affiliates via email, or email attachment. Citizens
does not guarantee the accuracy of any email or email attachment,
that an email will be received by Citizens or that Citizens will
respond to any email.
 
This email message is confidential and/or privileged. It is to be
used by the intended recipient only.  Use of the information
contained in this email by anyone other than the intended recipient
is strictly prohibited. If you have received this message in error,
please notify the sender immediately and promptly destroy any
record of this email.


---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

Current thread:

preventing run-as option vijay shetti (Oct 06)
- Re: preventing run-as option Hylton Conacher(ZR1HPC) (Oct 10)
- RE: preventing run-as option Murda Mcloud (Oct 10)
- RE: preventing run-as option Dubber, Drew B (Oct 10)
  - Re: preventing run-as option MaddHatter (Oct 10)
    - Re: preventing run-as option MPope (Oct 11)
    - RE: preventing run-as option Buozis, Martynas (Oct 11)
- RE: preventing run-as option Dixon, Wayne (Oct 10)
- Re: preventing run-as option Clinton E. Troutman (Oct 10)
- <Possible follow-ups>
- RE: preventing run-as option Scott Ramsdell (Oct 10)
- RE: preventing run-as option Lariviere, Stephen (Oct 10)
- RE: preventing run-as option Lariviere, Stephen (Oct 10)
  - Re: preventing run-as option Clinton E. Troutman (Oct 11)
  - Re: preventing run-as option Ansgar -59cobalt- Wiechers (Oct 11)
    - RE: preventing run-as option Murda Mcloud (Oct 12)
- Re: preventing run-as option nikhil (Oct 11)
- RE: preventing run-as option Lariviere, Stephen (Oct 13)
  - Re: preventing run-as option Ansgar -59cobalt- Wiechers (Oct 13)
  - RE: preventing run-as option Murda Mcloud (Oct 15)