Windows Server Hacks: Disable "Run As"
Subject:   Doesn't always work
Date:   2004-03-17 11:01:29
From:   nasseam
Software Restriction Policies path rules have good intentions but are a horrible means of file security. I once set path rules on a network to prevent certain chatting and file-sharing programs from running but the rules only worked for a few users. Why? Because path rules check for the exact path and filename so some users just copied the files somewhere else or renamed them.

This brings us to a good point in server lockdown: don't base any security policy on unawareness. These policies are easily recognizable and usually have the phrases "but most users" or "the majority of users won't" in them. These are true hacks in the sense that they don't solve the real problem but just workaround them.

A better means of disabling runas would be to set ACL permissions or to use a hash rule (also available using Software Restriction Policies). A hash rule solves the problem of copying or renaming because it is a hash of the actual bytes.

1 to 1 of 1
  1. Mitch Tulloch photo Doesn't always work
    2004-03-17 11:58:22  Mitch Tulloch | O'Reilly Author [View]

    • Doesn't always work
      2004-03-18 12:48:37  jmbwi [View]

      • Doesn't always work
        2004-07-22 04:47:45  Mysidia [View]

      • Mitch Tulloch photo Doesn't always work
        2004-03-18 13:21:12  Mitch Tulloch | O'Reilly Author [View]

1 to 1 of 1