How To: Disable Run-As Command

For security reasons, it may be necessary to disable the 'Run-As' command. For a standalone computer under XP, in a workgroup environment, the following registry 'hack' will do the trick. Open (or create) this key:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

and create a new DWORD named HideRunAsVerb with a value of 1.
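
The registry change above as a repeatable audit-and-set script (an added example, not part of the original post; the function names are hypothetical, and it assumes PowerShell is installed and the session is elevated):

```powershell
# Added example: audit and enforce the HideRunAsVerb value described above.
# Writing under HKLM requires administrator rights.

$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer'
$ValueName = 'HideRunAsVerb'

function Get-HideRunAsVerbState {
    # Hypothetical helper: reports whether the key and value exist
    # and whether the value is set to 1.
    $state = New-Object PSObject -Property @{
        KeyExists = (Test-Path -Path $PolicyKey)
        Value     = $null
        Enforced  = $false
    }
    if ($state.KeyExists) {
        $prop = Get-ItemProperty -Path $PolicyKey -Name $ValueName -ErrorAction SilentlyContinue
        if ($null -ne $prop) {
            $state.Value    = $prop.$ValueName
            $state.Enforced = ($prop.$ValueName -eq 1)
        }
    }
    return $state
}

function Set-HideRunAsVerb {
    # Hypothetical helper: creates the key if it is missing, writes the
    # DWORD, then re-reads it so the caller sees the resulting state.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    if (-not (Test-Path -Path $PolicyKey)) {
        if ($PSCmdlet.ShouldProcess($PolicyKey, 'Create registry key')) {
            New-Item -Path $PolicyKey -Force | Out-Null
        }
    }
    if ($PSCmdlet.ShouldProcess("$PolicyKey\$ValueName", 'Set DWORD to 1')) {
        New-ItemProperty -Path $PolicyKey -Name $ValueName `
            -PropertyType DWord -Value 1 -Force | Out-Null
    }
    return Get-HideRunAsVerbState
}

# Audit only by default; nothing is changed until Set-HideRunAsVerb is called.
Get-HideRunAsVerbState | Format-List KeyExists, Value, Enforced

# Preview the change, then apply it:
#   Set-HideRunAsVerb -WhatIf
#   Set-HideRunAsVerb
```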

In a domain environment, you can use the Software Restriction Policies feature of Group Policy. Open the appropriate GPO using Group Policy Object Editor and find the following node in the console tree:

Computer Configuration/Windows Settings/Security Settings/Software Restriction Policies

Right-click on it and select New Software Restriction Policies. Right-click on Additional Rules and select New Path Rule. Specify the path to runas.exe and make sure the policy is set to 'disallowed'.

You can apply this restriction to specific users only. Use a GPO linked to an OU where the user accounts reside and configure Software Restriction Policies using User Configuration instead of Computer Configuration, e.g.:

User Configuration/Windows Settings/Security Settings/Software Restriction Policies


About this Entry

This page contains a single entry by Konstantin Boyandin published on January 20, 2010 5:41 PM.
