Re: preventing run-as option
- From: nikhil@xxxxxxxxxxxxxxxxx
- Date: 11 Oct 2006 04:42:04 -0000
Hello Vijay,
Not only you, but the majority of people working in a domain-based environment are facing this problem. Windows, however, provides a facility to block the "Run as" utility. Here is the way:
1. On the domain controller go to command prompt & type "dsa.msc".
2. On the OU where the User's desktop resides, open the Group Policy editor & navigate to Computer Configuration > Windows Settings > Security Settings > Software Restriction Policies
3. Right-click on this node and select "New Software Restriction Policies" (This creates a default set of Software Restriction Policies that you can now configure further)
4. To prevent the runas.exe command from executing on the computers affected by this GPO, right-click on "Additional Rules" and select "New Path Rule"
5. Now type the path to runas.exe (C:\Windows\system32\runas.exe) and make sure the policy is set to "disallowed".
Once Group Policy has been updated during its next refresh cycle (or force an immediate update with gpupdate /force), users on the affected machines won't be able to use the Run As command to start programs using alternate credentials.
However, if you prefer to apply this policy to specific users instead of computers, use a GPO linked to an OU where the user accounts reside and configure Software Restriction Policies using User Configuration instead of Computer Configuration, such as:
User Configuration > Windows Settings > Security Settings > Software Restriction Policies
For a non-domain environment, I mean for standalone Windows XP or Windows Server 2003 machines in a workgroup environment, Group Policy isn't available. However, you can disable Run As by tweaking the Registry instead. Simply use Regedit.exe to locate the following key on each machine:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
Then create a new DWORD value named HideRunAsVerb and assign it a value of 1.
And you are done with it.
Nikhil Wagholikar
CEH
Security Analyst
NII Consulting
www.niiconsulting.com
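
An added example, not part of the original message: a PowerShell audit that reports whether the two settings described above are present on a machine. The Safer\CodeIdentifiers registry location for Software Restriction Policy rules and the function names are assumptions of this example; the message itself does not give them.

```powershell
# Added example: read-only audit of the two settings described in the message.
# Assumption (not stated in the message): SRP path rules are stored under
#   <hive>\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{GUID}
# where the level key "0" holds Disallowed rules and ItemData holds the rule path.

function Get-RunAsSrpRule {
    # Checks both Computer Configuration (HKLM) and User Configuration (HKCU) rules.
    param([string[]]$Hives = @('HKLM:', 'HKCU:'))
    foreach ($hive in $Hives) {
        $base = Join-Path $hive 'SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths'
        if (-not (Test-Path $base)) { continue }
        foreach ($rule in Get-ChildItem $base) {
            $data = (Get-ItemProperty -Path $rule.PSPath -Name ItemData `
                        -ErrorAction SilentlyContinue).ItemData
            if (-not $data) { continue }
            # Rule paths may contain variables such as %SystemRoot%.
            $expanded = [Environment]::ExpandEnvironmentVariables($data)
            if ($expanded -match '(^|\\)runas\.exe$') {
                [pscustomobject]@{
                    Hive = $hive
                    Rule = $rule.PSChildName
                    Path = $expanded
                }
            }
        }
    }
}

function Test-HideRunAsVerb {
    # Registry value from the message, used on standalone (workgroup) machines.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer'
    $value = (Get-ItemProperty -Path $key -Name HideRunAsVerb `
                 -ErrorAction SilentlyContinue).HideRunAsVerb
    return ($value -eq 1)
}

$rules = @(Get-RunAsSrpRule)
[pscustomobject]@{
    Computer             = $env:COMPUTERNAME
    SrpDisallowRuleCount = $rules.Count
    SrpRulePaths         = ($rules.Path -join '; ')
    HideRunAsVerb        = Test-HideRunAsVerb
}
```

Run it after the Group Policy refresh on a machine in the targeted OU; a rule count of 0 there means the GPO has not applied to that computer or user.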