Re: Windows "Run As" Command

["Pace, Guy" <gpace () CIS CTC EDU>]

Absolutely, Harold! In addition, using RunAs or CPAU.exe to access
administrator privileges with locally stored credentials (as in CPAU's
-profile option) in text files is probably not a good idea, as that
exposes those credentials in the limited user context.

If you practice least privilege, even your system and network admins
would work from a limited user account and only access local or domain
administrative privileges using RunAs.

Guy L. Pace, CISSP
Security Administrator
Center for Information Services (CIS)
3101 Northup Way, Suite 100
Bellevue, WA 98004
425-803-9724

gpace () cis ctc edu


-----Original Message-----
From: Harold Winshel [mailto:winshel () CAMDEN RUTGERS EDU] 
Sent: Monday, April 16, 2007 12:07 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Windows "Run As" Command

Thanks for your quick response.  Given that, I don't see it would be a
viable option for an enduser who is not authorized to have admin access.

Harold

At 02:59 PM 4/16/2007, you wrote:
> Yes and then some!! It is intended for an Administrator to be able to 
> accomplish administrative tasks on a machine, without having to log the

> current user off. For example, if user are not allowed to install 
> programs, an administrator could use his "domain admin"
> account or the local administrator account to install the program 
> without the user having to log off.
>
> It can be used to open explorer to browse network resources with 
> different credentials that the current logged on users may not have 
> access to. It has several benefits.
>
>
> See this: 
> http://www.microsoft.com/technet/prodtechnol/windows2000serv/howto/secl
> ogon.mspx
>
>
>
> V/R,
> Gibby
> Nathan J. Gibson, CISSP-CCNA-MCSA
> Information Security Analyst
> University of Oklahoma HSC
> Office: (405) 271-2476 | Fax: (405) 271-2181 | Cell: (405) 397 5134 
> http://it.ouhsc.edu/services/infosecurity
>
>
> Confidentiality Notice
> This e-mail, including any attachments, contains information from the 
> University of Oklahoma Health Sciences Center, which may be 
> confidential or privileged. The information is intended to be for the 
> use of the individual or entity named above. If you are not the 
> intended recipient, be aware that any disclosure, copying, distribution

> or use of the contents of this information is prohibited.
>
> If you have received this e-mail in error, please notify the sender 
> immediately by a "reply to sender only" message and destroy all 
> electronic and hard copies of the communication, including attachments.
>
> -----Original Message-----
> From: Harold Winshel [mailto:winshel () CAMDEN RUTGERS EDU]
> Sent: Monday, April 16, 2007 1:56 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: [SECURITY] Windows "Run As" Command
>
> I'm looking for input on the Windows "Run As" command.
>
> We haven't used it and what to verify how it works - if I understand 
> correctly,  the enduser would need to know the name and password of an 
> account that has local Windows administrator privilege in order to make

> use of the "Run As" feature?
>
> Thanks,
>
> Harold
>
>
>
> Harold Winshel
> Computing and Instructional Technologies Faculty of Arts & Sciences 
> Rutgers University, Camden Campus
> 311 N. 5th Street, Room B10 Armitage Hall Camden NJ 08102
> (856) 225-6669 (O)

Harold Winshel
Computing and Instructional Technologies Faculty of Arts & Sciences
Rutgers University, Camden Campus
311 N. 5th Street, Room B10 Armitage Hall Camden NJ 08102
(856) 225-6669 (O)