Understanding RunAs or ‘Run as different User’
http://technet.microsoft.com/en-us/library/cc771525.aspx
Applications can be started under a different user logon either with the command “runas /user:domain\user appName” or by using SHIFT-Right-Click and choosing “Run as different User” from the context menu.
When you do either of these, an authentication occurs and a new Windows process is created under the specified user account. Unless defined, a temporary Windows profile will be loaded. This is not a typical user logon process, so no GPO will be applied.
You can still restrict the RunAs / Run as different User function by removing access to it.
There are two steps to remove RunAs and Run as different User:
1. Restrict the access to runas.exe:
- Remove the user permission from C:\Windows\System32\runas.exe
2. The second step is to remove the Run as different User entry from the context menu. Delete the following registry keys:
- HKEY_CLASSES_ROOT\exefile\shell\runasuser
- HKEY_CLASSES_ROOT\batfile\shell\runasuser
- HKEY_CLASSES_ROOT\cmdfile\shell\runasuser
- HKEY_CLASSES_ROOT\mscfile\shell\runasuser
- HKEY_CLASSES_ROOT\Msi.Package\shell\runasuser
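To confirm that both steps took effect on a machine, the following read-only PowerShell audit can be run; it is an added example, not part of the original post or the Citrix article. The function name Test-RunAsHardening and the -UserSids parameter are hypothetical, and it assumes "the user permission" refers to Allow entries for BUILTIN\Users (SID S-1-5-32-545).

```powershell
# Added audit example: read-only, changes nothing on the system.
# Assumption: "the user permission" means Allow ACEs that let BUILTIN\Users
# (SID S-1-5-32-545) execute the file; pass other SIDs via -UserSids.
function Test-RunAsHardening {
    param(
        [string]$RunAsPath = "$env:SystemRoot\System32\runas.exe",
        [string[]]$UserSids = @('S-1-5-32-545')
    )
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $execute = [System.Security.AccessControl.FileSystemRights]::ExecuteFile

    # Step 1: look for Allow entries (explicit or inherited) that still grant execute.
    try {
        $acl  = Get-Acl -LiteralPath $RunAsPath -ErrorAction Stop
        $open = @($acl.GetAccessRules($true, $true, $sidType) | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $UserSids -contains $_.IdentityReference.Value -and
            (($_.FileSystemRights -band $execute) -eq $execute)
        })
        [pscustomobject]@{
            Check    = "ACL  $RunAsPath"
            Hardened = ($open.Count -eq 0)
            Detail   = "$($open.Count) Allow entry(ies) with execute for the listed SIDs"
        }
    } catch {
        # The ACL could not be read (for example, access denied): report it, do not guess.
        [pscustomobject]@{ Check = "ACL  $RunAsPath"; Hardened = $null; Detail = $_.Exception.Message }
    }

    # Step 2: the five context-menu keys listed above should no longer exist.
    $keys = 'exefile', 'batfile', 'cmdfile', 'mscfile', 'Msi.Package' |
        ForEach-Object { "HKEY_CLASSES_ROOT\$_\shell\runasuser" }
    foreach ($key in $keys) {
        $present = Test-Path -LiteralPath "Registry::$key"
        [pscustomobject]@{
            Check    = "Key  $key"
            Hardened = -not $present
            Detail   = if ($present) { 'still present' } else { 'absent' }
        }
    }
}

Test-RunAsHardening | Format-Table -AutoSize
```

HKEY_CLASSES_ROOT is a merged view of the machine-wide and per-user class registrations, so the result reflects what the account running the audit sees.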
Thanks to http://blogs.citrix.com/2013/10/15/the-almost-forgotten-hardening-runas-run-as-different-user for this information