Security Basics mailing list archives

Re: preventing run-as option


From: nikhil () niiconsulting com
Date: 11 Oct 2006 04:42:04 -0000

Hello Vijay,

Not only you, but the majority of people working in a domain-based environment are facing this problem. Windows, however, provides a facility to block the "Run as" utility. Here is the way:

1. On the domain controller go to command prompt & type "dsa.msc".

2. On the OU where the User's desktop resides, open the Group Policy editor & navigate to Computer Configuration > Windows Settings > Security Settings > Software Restriction Policies

3. Right-click on this node and select "New Software Restriction Policies" (This creates a default set of Software Restriction Policies that you can now configure further)

4. To prevent the runas.exe command from executing on the computers affected by this GPO, right-click on "Additional Rules" and select "New Path Rule"

5. Now type the path to runas.exe (C:\Windows\system32\runas.exe) and make sure the policy is set to "disallowed".

Once Group Policy has been updated during its next refresh cycle (or force an immediate update with gpupdate /force), users on the affected machines won't be able to use the Run As command to start programs using alternate credentials.

However, if you prefer to apply this policy to specific users instead of computers, use a GPO linked to an OU where the user accounts reside and configure Software Restriction Policies using User Configuration instead of Computer Configuration, such as:

User Configuration > Windows Settings > Security Settings > Software Restriction Policies

For a non-domain environment, I mean for standalone Windows XP or Windows Server 2003 machines in a workgroup environment, Group Policy isn't available. However, you can disable Run As by tweaking the Registry instead. Simply use Regedit.exe to locate the following key on each machine:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

Then create a new DWORD value named HideRunAsVerb and assign it a value of 1. 

      And you are done with it. 

Nikhil Wagholikar
CEH

Security Analyst
NII Consulting
www.niiconsulting.com
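
An added example, not part of the original message: a read-only PowerShell audit that reports whether either control described above is in effect on a machine. The function names are hypothetical, and the script assumes the standard registry location where Windows stores applied Software Restriction Policies path rules (the Safer\CodeIdentifiers policy key, level 0 for Disallowed).

```powershell
# Added example: read-only audit of the two settings described in the message.
# Function names are hypothetical; nothing here changes the system.

function Test-HideRunAsVerb {
    # Registry tweak from the message: HideRunAsVerb = 1 under ...\policies\Explorer
    $key  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer'
    $prop = Get-ItemProperty -Path $key -Name 'HideRunAsVerb' -ErrorAction SilentlyContinue
    return ($null -ne $prop -and $prop.HideRunAsVerb -eq 1)
}

function Get-RunAsSrpRule {
    # Assumption: applied SRP path rules live under the Safer policy key, with
    # level "0" holding Disallowed rules. HKLM = Computer Configuration,
    # HKCU = User Configuration (only for the user running this script).
    $roots = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths',
             'HKCU:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths'
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($rule in Get-ChildItem -Path $root) {
            $item = (Get-ItemProperty -Path $rule.PSPath).ItemData
            if (-not $item) { continue }
            # Expand %SystemRoot%-style variables before comparing
            $expanded = [Environment]::ExpandEnvironmentVariables($item)
            if ($expanded -match '(^|\\)runas\.exe$') {
                [pscustomobject]@{
                    Scope = $root.Substring(0, 4)
                    Rule  = $rule.PSChildName
                    Path  = $item
                }
            }
        }
    }
}

$rules = @(Get-RunAsSrpRule)
[pscustomobject]@{
    Computer         = $env:COMPUTERNAME
    HideRunAsVerb    = Test-HideRunAsVerb
    SrpDisallowRunAs = ($rules.Count -gt 0)
    SrpRulePaths     = ($rules | ForEach-Object { "$($_.Scope) $($_.Path)" }) -join '; '
}
```

A rule that appears here only under HKCU applies to the logged-on user rather than to the computer, which matches the User Configuration variant described in the message.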
