Solved

Disable Right Click>Run As using Group Policy

Posted on 2010-11-16
8
4,022 Views
Last Modified: 2012-06-27
Hello, I was wondering if it is possible to set up the accounts in Active Directory to disable the option to right click and run as command.  I DON'T want to stop the option of right clicking on a file but want to fully disable the use of using Run As option. I have found out this is how alot of users can get past locked down applications within our network.

Ideally I would like to set this up using Group Policy rather than an individual edit the registry on each machine.

Is this possible?
0
Comment
Question by:alumwell
8 Comments
 
LVL 14

Expert Comment

by:athomsfere
ID: 34146560
Are they running as another user?
0
 
LVL 3

Expert Comment

by:meindertjanw
ID: 34146568
If you know what registry entries you need to modify, you can also write a startup script to check and, if necessary, modify the register values on all local machines.
0
 
LVL 35

Expert Comment

by:Joseph Daly
ID: 34146601
You could probably just stop the secondary logon service through gorup policy.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 15

Expert Comment

by:JBond2010
ID: 34146628
You can disable RunAs using the Software Restriction Policies feature of Group Policy. To do this, open the appropriate GPO in the Group Policy Object Editor and locate the following node in the console tree:

computer configuration/windows settings/security settings/software restriction policies

Right click on this node and select New Software Restriction Policies, then right click on the Additional Rules and select New Path Rule. Now type the parth to runas.exe and make sure the policy is set to disallowed.
0
 
LVL 35

Assisted Solution

by:Joseph Daly
Joseph Daly earned 250 total points
ID: 34146674
If you decide to use the method I mentioned above by blocking the secondary logon service you can do so by using.

Computer configuration | Windows settings | security settings | System Services

Select the service and set to disabled.
0
 
LVL 10

Expert Comment

by:moon_blue69
ID: 34146686
Reply to (JBond2010)
Hi

This could mean the user could copy the run as.exe to another location and run it. Hash rule would be better. I understand if you move it from there it wont be accessible from the right click menu. But can be accessed from command prompt.

0
 
LVL 15

Expert Comment

by:JBond2010
ID: 34146717
@xxdcmast This would also depends on what other policies are configured on the network and what priviledges the users currently have.
0
 
LVL 6

Accepted Solution

by:
Kris Montgomery earned 250 total points
ID: 34146730
Hi!

Here is a link to show you exactly what you need:
http://windowsdevcenter.com/pub/a/windows/2004/03/16/serverhacks_runas.html

Thanks!

mug
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The next five years are sure to bring developments that are just astonishing, and we will continue to try to find the balance between connectivity and security. Here are five major technological developments from the last five years and some predict…
It’s the first day of March, the weather is starting to warm up and the excitement of the upcoming St. Patrick’s Day holiday can be felt throughout the world.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question