QUESTION POSED ON: 12 April 2005 The RunAs utility in WinXP Pro has a /savecred option. Is there a GPO setting to disable this on administrator workstations so passwords must be provided by admins?
>
Sadly, there doesn't seem to be one. Many people have lamented the fact that the /savecred option in RunAs can be a massive security hole. With this in mind, I've recommended in the past not using RunAs to run programs in the context of an administrator, simply because it's too easily defeated. There are a number of better solutions, such as TQRunas, which allows you to run programs as administrator without revealing administrator credentials to the end user. CPAU is another (freeware) solution to the same problem, again with some more attention paid to security.
Search and Browse the Expert Answer Center Search and browse more than 25,000 question and
answer pairs from more than 250 TechTarget industry experts.
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.