I work at a large high school and we have a Software Ristriction GPO in place so students cannot access Outlook. All has been good untill the other day another tech noticed he could right click Outlook and select ‘Run as administrator’ while logged in as a student and the program would run!
I was surprise and though that there must be a wrong setting somewhere. Checked gpresult settings for UAC and local administrators but they seems fine. If uses can access ‘Run as administrator’ then I believe they have access to ‘admin approval mode’.
I enabled UAC (via group policy) on a test OU it then prompts for credentials which is good but not ideal. I’d rather have UAC disabled (as it is by default on Win 7 domain memebers).
For a work around I have read: petri.co.il/disable_runas.htm (sorry not allowed URLs in my posts yet).
to disable the RUNAS program. I’d like to disable the shell entry too. I am just very surprised that this is possible with the defaults. This seems like a big flaw.
Have I missed something? What are others doing?
You must be logged in to reply to this topic.
Create a free account today to participate in forum conversations, comment on posts and more.