Link to home
Create AccountLog in
Avatar of alumwell
alumwell

asked on

Disable Right Click>Run As using Group Policy

Hello, I was wondering if it is possible to set up the accounts in Active Directory to disable the option to right click and run as command.  I DON'T want to stop the option of right clicking on a file but want to fully disable the use of using Run As option. I have found out this is how alot of users can get past locked down applications within our network.

Ideally I would like to set this up using Group Policy rather than an individual edit the registry on each machine.

Is this possible?
Avatar of athomsfere
athomsfere
Flag of United States of America image

Are they running as another user?
If you know what registry entries you need to modify, you can also write a startup script to check and, if necessary, modify the register values on all local machines.
Avatar of Joseph Daly
You could probably just stop the secondary logon service through gorup policy.
You can disable RunAs using the Software Restriction Policies feature of Group Policy. To do this, open the appropriate GPO in the Group Policy Object Editor and locate the following node in the console tree:

computer configuration/windows settings/security settings/software restriction policies

Right click on this node and select New Software Restriction Policies, then right click on the Additional Rules and select New Path Rule. Now type the parth to runas.exe and make sure the policy is set to disallowed.
SOLUTION
Avatar of Joseph Daly
Joseph Daly
Flag of United States of America image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of moon_blue69
moon_blue69

Reply to (JBond2010)
Hi

This could mean the user could copy the run as.exe to another location and run it. Hash rule would be better. I understand if you move it from there it wont be accessible from the right click menu. But can be accessed from command prompt.

@xxdcmast This would also depends on what other policies are configured on the network and what priviledges the users currently have.
ASKER CERTIFIED SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account