Hi
I know how to disable this - thats not the problem. I just tought it was
a bit strange that the GPO settings could be bypassed.
We also discovered that GPO's where applied if the user had cached
profile on the desktop - but could be bypassed again with the "runas
/noprofile" option.
It can be turned off in several ways:
- there is a setting for it in the std. GPO templates.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
/HideRunAsVerb = 1/
- Disable the secondary logon process.
- set acl's on the runas.exe
Espen
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
