The RunAs utility in WinXP Pro has a /savecred option. Is there a GPO setting to disable this on administrator workstations so passwords must be provided by admins?
Sadly, there doesn't seem to be one. Many people have lamented the fact that the /savecred option in RunAs can be a massive security hole. With this in mind, I've recommended in the past not using RunAs to run programs in the context of an administrator, simply because it's too easily defeated. There are a number of better solutions, such as TQRunas, which allows you to run programs as administrator without revealing administrator credentials to the end user. CPAU is another (freeware) solution to the same problem, again with some more attention paid to security.
Dig Deeper on Windows Server troubleshooting
This week, our expert answers the question of how to get DVD data off a disc, even if the user's PC doesn't have an optical drive.
This week, our expert answers a question on how to connect a phone or tablet to a USB drive with a micro-USB connector.
Open source and free suites such as LibreOffice and OpenOffice could save organizations money, but not effort in comparison with Microsoft Office.