Re: SRP and Run As...



Sunny wrote:
Is it possible to configure XP Pro SP2 such that RunAs privileges are applied before Software Restriction Policy is evaluated?

Take the example of an executable stored in c:\temp. Software Restriction Policy prevents execution of anything in c:\temp by ordinary users, but is not enforced for local administrators.

SRP works as expected for the primary logon - local admins can execute programs from c:\temp, ordinary users cannot - however RunAs does not permit running programs from c:\temp as admin while logged in as an ordinary user. The system issues the "Blocked by SRP" error before it even checks the admin account credentials provided (you still get an SRP error if you supply a bad admin password).

It seems to me XP is doing things backward here - I can get around it by using RunAs to start a command prompt, then executing programs from there, but it would be much more convenient to use RunAs directly.


Anyone?
.