Women in Technology

Hear us Roar

  Windows Server Hacks: Disable "Run As"
Subject:   How does this help security?
Date:   2004-03-17 14:15:44
From:   sbonds
Forgive my ignorance, but how does this improve security? The security is in the password of the administrative user. Without that "ordinary users" won't be able to use "Run As" to do anything malicious.

-- Steve

Full Threads Oldest First

Showing messages 1 through 2 of 2.

  • Mitch Tulloch photo How does this help security?
    2004-03-17 14:43:38  Mitch Tulloch | O'Reilly Author [View]

    Defense in depth i.e. another layer of security. Power Users also have some administrative privileges and if you make some users members of the Power Users group and one of them should let their password be compromised, well...

    Also, the whole idea of having RunAs available on an ordinary user's desktop machine is a bit dangerous. The idea is convenience i.e. an administrator can run a program on a user's machine to fix something without requiring the user log off first. Imagine if a trojan was running on the user's machine when you did this...
    • Mitch Tulloch photo How does this help security?
      2004-03-18 12:01:23  Mitch Tulloch | O'Reilly Author [View]

      Another reason I like to disable RunAs is because of the new /savecred option on XP Professional desktops, see this NTBUGTRAQ posting for more: