Security Basics mailing list archives
Re: preventing run-as option
From: nikhil () niiconsulting com
Date: 11 Oct 2006 04:42:04 -0000
Hello Vijay,

Not only you, but the majority of people working in a domain-based environment are facing this problem. Windows, however, provides a facility to block the "Run as" utility. Here is the way:

1. On the domain controller, go to the command prompt and type "dsa.msc".
2. On the OU where the user's desktop resides, open the Group Policy editor and navigate to Computer Configuration > Windows Settings > Security Settings > Software Restriction Policies
3. Right-click on this node and select "New Software Restriction Policies" (this creates a default set of Software Restriction Policies that you can now configure further).
4. To prevent the runas.exe command from executing on the computers affected by this GPO, right-click on "Additional Rules" and select "New Path Rule".
5. Now type the path to runas.exe (C:\Windows\system32\runas.exe) and make sure the policy is set to "disallowed".

Once Group Policy has been updated during its next refresh cycle (or force an immediate update with gpupdate /force), users on the affected machines won't be able to use the Run As command to start programs using alternate credentials.

However, if you prefer to apply this policy to specific users instead of computers, use a GPO linked to an OU where the user accounts reside and configure Software Restriction Policies using User Configuration instead of Computer Configuration, such as:

User Configuration > Windows Settings > Security Settings > Software Restriction Policies

For a non-domain environment, I mean for standalone Windows XP or Windows Server 2003 machines in a workgroup environment, Group Policy isn't available. However, you can disable Run As by tweaking the Registry instead. Simply use Regedit.exe to locate the following key on each machine:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

Then create a new DWORD value named HideRunAsVerb and assign it a value of 1. And you are done with it.
Nikhil Wagholikar
CEH
Security Analyst
NII Consulting
www.niiconsulting.com
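An added example, not part of the original message: a PowerShell audit that reports whether the two restrictions described above are present on a machine, and can set HideRunAsVerb on a standalone host. The function names are hypothetical, and the script assumes computer-scoped "Disallowed" SRP path rules are stored under the Safer\CodeIdentifiers\0\Paths policy key.

```powershell
# Added example: audit (and optionally apply) the Run As restrictions from the message.
# Function names are hypothetical. Run from an elevated PowerShell prompt.

# Key and value name as given in the message.
$ExplorerPolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer'
# Assumption: computer-scoped SRP "Disallowed" path rules are stored here
# (security level 0), one {GUID} subkey per rule, with the path in ItemData.
$SrpDisallowedPaths = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths'

function Test-HideRunAsVerb {
    # True only if the value exists and equals 1.
    $prop = Get-ItemProperty -Path $ExplorerPolicyKey -Name HideRunAsVerb -ErrorAction SilentlyContinue
    return ($null -ne $prop -and $prop.HideRunAsVerb -eq 1)
}

function Set-HideRunAsVerb {
    # Create the key if it is missing, then write the DWORD (idempotent).
    if (-not (Test-Path $ExplorerPolicyKey)) {
        New-Item -Path $ExplorerPolicyKey -Force | Out-Null
    }
    New-ItemProperty -Path $ExplorerPolicyKey -Name HideRunAsVerb `
        -PropertyType DWord -Value 1 -Force | Out-Null
}

function Get-RunAsSrpRule {
    # Return the ItemData of every disallowed path rule that targets runas.exe.
    if (-not (Test-Path $SrpDisallowedPaths)) { return }
    Get-ChildItem -Path $SrpDisallowedPaths | ForEach-Object {
        $item = Get-ItemProperty -Path $_.PSPath -Name ItemData -ErrorAction SilentlyContinue
        if ($item -and $item.ItemData -match '(^|\\)runas\.exe$') { $item.ItemData }
    }
}

function Get-RunAsRestrictionStatus {
    param([switch]$Apply)   # -Apply writes HideRunAsVerb if it is not already set
    if ($Apply -and -not (Test-HideRunAsVerb)) { Set-HideRunAsVerb }
    [pscustomobject]@{
        Computer      = $env:COMPUTERNAME
        HideRunAsVerb = Test-HideRunAsVerb
        SrpRunAsRules = @(Get-RunAsSrpRule)
    }
}

Get-RunAsRestrictionStatus
```

An empty SrpRunAsRules list on a domain member after gpupdate /force means the GPO's path rule has not reached that machine, or was defined under User Configuration rather than Computer Configuration.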