[Full-disclosure] Bypass user GPO in Windows Xp / 2003
espen at espen.mine.nu
Wed Dec 21 14:29:47 GMT 2005
I know how to disable this - thats not the problem. I just tought it was
a bit strange that the GPO settings could be bypassed.
We also discovered that GPO's where applied if the user had cached
profile on the desktop - but could be bypassed again with the "runas
It can be turned off in several ways:
- there is a setting for it in the std. GPO templates.
/HideRunAsVerb = 1/
- Disable the secondary logon process.
- set acl's on the runas.exe
Full-Disclosure is hosted and sponsored by Secunia.