Women in Technology

Hear us Roar



Article:
  Windows Server Hacks: Disable "Run As"
Subject:   How does this help security?
Date:   2004-03-17 14:43:38
From:   mitchtulloch
Response to: How does this help security?

Defense in depth i.e. another layer of security. Power Users also have some administrative privileges and if you make some users members of the Power Users group and one of them should let their password be compromised, well...


Also, the whole idea of having RunAs available on an ordinary user's desktop machine is a bit dangerous. The idea is convenience i.e. an administrator can run a program on a user's machine to fix something without requiring the user log off first. Imagine if a trojan was running on the user's machine when you did this...

Full Threads Oldest First

Showing messages 1 through 1 of 1.

  • Mitch Tulloch photo How does this help security?
    2004-03-18 12:01:23  Mitch Tulloch | O'Reilly Author [View]

    Another reason I like to disable RunAs is because of the new /savecred option on XP Professional desktops, see this NTBUGTRAQ posting for more:

    http://archives.neohapsis.com/archives/ntbugtraq/2003-q3/0069.html