Reverting Vista "Run as.." to Win2k behavior?

  • Question

  • Hello all, first time poster with a Vista Security / Functionality question:

     

    At the place I work we have recently started Beta Testing Vista for internal rollout purposes, and one primary concern that cropped up early is the "Run As Administrator" function that shows on the Right Click Context Menu for almost all applications.

     

    At present we have "Run As Administrator" on the standard right click context menu, but have it totally disabled by group policy. This is actually causing issues with my fellow Helpdesk agents in attempts to try and support Vista through use of administrative accounts. We are used to being able to Shift-Right click on things in Win2k and just get the "Run As" prompt, then use our administrative accounts to work from that point on the user's machine.

     

    Is there any way, either through registry change or group policy push, that we can change the Right Click Context behavior BACK to Win2K behavior with Windows Vista?

     

    Thanks in advance, if anyone happens to know a solid answer to this one way or another and can provide one!

    Tuesday, May 8, 2007 3:30 PM

Answers

  • For any concerned it has recently been discovered by one of my colleagues that you can actually HIDE the "Run As Administrator" entry from the Right Click Context Menu. Apparently there is a specific registry entry that can be manipulated to give this result.

     

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer.

     Here create a new DWORD value of HideRunAsVerb and set its value to 1. 

    Monday, May 14, 2007 3:17 PM
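
An added example, not part of the original thread: a PowerShell sketch that reports the current state of the `HideRunAsVerb` value named in the answer above and, when run elevated with `-Apply`, creates it. The `-Apply` switch and the function names are hypothetical; `EnableLUA` and `ConsentPromptBehaviorUser` are the standard UAC policy values under `Policies\System`, read here only so the UAC state discussed in the thread is visible beside the menu setting.

```powershell
# Audit (and optionally set) the Explorer policy value described in the answer.
param([switch]$Apply)

$explorerKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$systemKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-PolicyValue {
    param([string]$Key, [string]$Name)
    # Returns $null when either the key or the named value is absent.
    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Set-HideRunAsVerb {
    param([int]$Value = 1)
    # The Explorer policy key may not exist on a fresh install; create it first.
    if (-not (Test-Path $explorerKey)) {
        New-Item -Path $explorerKey -Force | Out-Null
    }
    # -Force replaces an existing value, including one of the wrong type.
    New-ItemProperty -Path $explorerKey -Name 'HideRunAsVerb' `
        -PropertyType DWord -Value $Value -Force | Out-Null
}

if ($Apply) {
    # Writing under HKLM requires an elevated session.
    Set-HideRunAsVerb -Value 1
}

# Report raw values; $null means "not configured".
[pscustomobject]@{
    Computer                  = $env:COMPUTERNAME
    HideRunAsVerb             = Get-PolicyValue $explorerKey 'HideRunAsVerb'
    EnableLUA                 = Get-PolicyValue $systemKey 'EnableLUA'
    ConsentPromptBehaviorUser = Get-PolicyValue $systemKey 'ConsentPromptBehaviorUser'
}
```

Running it without `-Apply` changes nothing and only prints the report, which makes it usable as a check after a group policy push.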

All replies

  • If your users are running as Standard Users, and leaving the default UAC behaviour, Vista's runas will do exactly as you wish (minus the need to hold shift). Is there a specific scenario that you are having issues with?
    Tuesday, May 8, 2007 6:30 PM
  • Well the higher ups that are coordinating the project rollout have disabled the UAC prompt by group policy. Apparently their fear is that the users will see the "Run As Administrator" prompt and try to use it.. thus locking out their domain account and generating an extra Helpdesk Call.

     

    If we can turn off the "Run As Administrator" from the regular Right Click Context Menu.. and have it ONLY show up with SHIFT+Right Click.. then it would resolve the Project Coordinators' fears regarding that and they can remove the UAC disallow from Group Policies. Anyone have any ideas on this?

    Wednesday, May 9, 2007 5:11 PM
  • I'm not sure I understand the concern, since providing valid credentials to the RunAs prompt won't lock out an account, even if elevation is refused for their account. As to making it appear only if you shift-click, I'm not aware of any way to do that.
    Wednesday, May 9, 2007 7:00 PM
  • We are using a Smartcard environment, so most of our users are not logging in with Control+Alt+Delete's. We are also concerned with, what happens if INVALID credentials are applied to the "Run As Administrator" prompt? Will that lock out the account, or worse block the smartcard?

     

    The big complication we are running across regarding Vista is our environment. We are using Vista Enterprise Edition, on a Windows 2000/2003 Active Directory managed domain. So we have restricted access user accounts using Vista clients, with technical support persons (such as myself) using administratively permissioned accounts to support the users. Add smartcards for users into the mix, and it is a very sensitive security structure.

     

    Basically the question remains constant no matter what my motivation really is:

     

    Is there a way to turn off "Run As Administrator" on the regular Right Click Context Menu, when clicking on program icons or executables, while keeping it listed on the Shift Right Click Context Menu? (Basically reverting it back to Windows 2000/2003/XP Functionality)

    Thursday, May 10, 2007 5:00 PM