Tuesday, October 22, 2013

Windows RUNAS Command Restrictions


Understanding RunAs or ‘Run as different User’


The command “runas /user:domain\user appName” or,


the use of SHIFT-Right-Click “Run as different User” from the context menu applications can be started with different user logons.


When you do either of these an authentication occurs and a new Windows process will be created with the specified user account. Unless defined, a temporary Windows profile will be loaded. This is not typical user logon process, so no GPO will be applied.

You can still restrict the RunAs / Run as different User function by removing the access to it.

There are two steps to remove the RunAs and Run as different User:

1. Restrict the access to runas.exe:
- Remove the user permission from C:\Windows\System32\runas.exe

2. The second step is to remove the Run as different User entry from the context menu. Delete the following registry keys
- HKEY_CLASSES_ROOT\exefile\shell\runasuser
- HKEY_CLASSES_ROOT\batfile\shell\runasuser
- HKEY_CLASSES_ROOT\cmdfile\shell\runasuser
- HKEY_CLASSES_ROOT\mscfile\shell\runasuser
- HKEY_CLASSES_ROOT\Msi.Package\shell\runasuser


Thanks to http://blogs.citrix.com/2013/10/15/the-almost-forgotten-hardening-runas-run-as-different-user for this information

No comments:

Blog Archive