It might be necessary, for security considerations, to disable the 'Run-As' command. For a standalone computer under XP, in a workgroup environment, the following registry 'hack' will do the trick. Open (or create) this section:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
and create a new DWORD named HideRunAsVerb with a value of 1,
In case of domain environment, you can use Software Restrictions Policies feature of Group Policy. Open the appropriate GPO using Group Policy Object Editor and find the following node in the console tree:
Computer Configuration/Windows Settings/Security Settings/Software Restriction Policies
Right click on it and select New Software Restriction Policies. Right-click on Additional Rules and select New Path Rule. Specify the path to runas.exe and make sure the policy is set as 'disallowed'.
You can apply this restriction to specific users only. Use a GPO linked to an OU where the user accounts reside and configure Software Restriction Policies using User Configuration instead of Computer Configuration, e.g.:
User Configuration/Windows Settings/Security Settings/Software Restriction Policies
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
and create a new DWORD named HideRunAsVerb with a value of 1,
In case of domain environment, you can use Software Restrictions Policies feature of Group Policy. Open the appropriate GPO using Group Policy Object Editor and find the following node in the console tree:
Computer Configuration/Windows Settings/Security Settings/Software Restriction Policies
Right click on it and select New Software Restriction Policies. Right-click on Additional Rules and select New Path Rule. Specify the path to runas.exe and make sure the policy is set as 'disallowed'.
You can apply this restriction to specific users only. Use a GPO linked to an OU where the user accounts reside and configure Software Restriction Policies using User Configuration instead of Computer Configuration, e.g.:
User Configuration/Windows Settings/Security Settings/Software Restriction Policies