Suramya's Blog : Welcome to my crazy life…

November 2, 2007

How to disable the ‘Run As’ option in Windows

Filed under: Computer Security,Knowledgebase,Tech Related — Suramya @ 12:13 PM

In Windows 2000 the ‘Run As’ option was introduced, the premise was that you would login as a regular user and if you needed to run a particular program as a different user or an administrator you would use it. Basically it duplicated the su functionality from the Unix/Linux world.

Now if for some reason you want to disable this feature, follow these steps:

For standalone Windows XP machines in a workgroup environment, you can disable Run As by hacking the Registry. Simply use Regedit.exe to locate the following key on each machine:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

Then create a new DWORD value named HideRunAsVerb and assign it a value of 1.

In a domain environment, you can disable RunAs using the Software Restriction Policies feature of Group Policy. To do this, open the appropriate GPO in the Group Policy Object Editor and locate the following node in the console tree:

Computer Configuration/Windows Settings/Security Settings/Software Restriction Policies

Right-click on this node and select New Software Restriction Policies, then right-click on Additional Rules and select New Path Rule. Now type the path to runas.exe and make sure the policy is set to disallowed.

If you prefer to apply this policy to specific users instead of computers, use a GPO linked to an OU where the user accounts reside and configuring Software Restriction Policies using User Configuration instead of Computer Configuration, such as:

User Configuration/Windows Settings/Security Settings/Software Restriction Policies

Source: Disabling the RunAs command

More detailed version: Disable RunAs

– Suramya

No Comments »

No comments yet.

RSS feed for comments on this post. TrackBack URL

Leave a comment

Powered by WordPress