Educause Security Discussion mailing list archives
Re: Windows "Run As" Command
From: "Pace, Guy" <gpace () CIS CTC EDU>
Date: Mon, 16 Apr 2007 12:56:46 -0700
Absolutely, Harold!

In addition, using RunAs or CPAU.exe to access administrator privileges with locally stored credentials (as in CPAU's -profile option) in text files is probably not a good idea, as that exposes those credentials in the limited user context.

If you practice least privilege, even your system and network admins would work from a limited user account and only access local or domain administrative privileges using RunAs.

Guy L. Pace, CISSP
Security Administrator
Center for Information Services (CIS)
3101 Northup Way, Suite 100
Bellevue, WA 98004
425-803-9724
gpace () cis ctc edu

-----Original Message-----
From: Harold Winshel [mailto:winshel () CAMDEN RUTGERS EDU]
Sent: Monday, April 16, 2007 12:07 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Windows "Run As" Command

Thanks for your quick response. Given that, I don't see it would be a viable option for an enduser who is not authorized to have admin access.

Harold

At 02:59 PM 4/16/2007, you wrote:

Yes and then some!!

It is intended for an Administrator to be able to accomplish administrative tasks on a machine, without having to log the current user off. For example, if users are not allowed to install programs, an administrator could use his "domain admin" account or the local administrator account to install the program without the user having to log off. It can be used to open explorer to browse network resources with different credentials that the current logged on users may not have access to. It has several benefits.

See this:
http://www.microsoft.com/technet/prodtechnol/windows2000serv/howto/seclogon.mspx

V/R,
Gibby

Nathan J. Gibson, CISSP-CCNA-MCSA
Information Security Analyst
University of Oklahoma HSC
Office: (405) 271-2476 | Fax: (405) 271-2181 | Cell: (405) 397 5134
http://it.ouhsc.edu/services/infosecurity

Confidentiality Notice
This e-mail, including any attachments, contains information from the University of Oklahoma Health Sciences Center, which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited. If you have received this e-mail in error, please notify the sender immediately by a "reply to sender only" message and destroy all electronic and hard copies of the communication, including attachments.

-----Original Message-----
From: Harold Winshel [mailto:winshel () CAMDEN RUTGERS EDU]
Sent: Monday, April 16, 2007 1:56 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Windows "Run As" Command

I'm looking for input on the Windows "Run As" command. We haven't used it and want to verify how it works - if I understand correctly, the enduser would need to know the name and password of an account that has local Windows administrator privilege in order to make use of the "Run As" feature?

Thanks,
Harold

Harold Winshel
Computing and Instructional Technologies
Faculty of Arts & Sciences
Rutgers University, Camden Campus
311 N. 5th Street, Room B10 Armitage Hall
Camden NJ 08102
(856) 225-6669 (O)