
User Policy - logged on vs Run As user

Hi, if I have an application control policy to block an application, but then add a policy to allow it for a superuser, can that application then be run while logged in as a normal user, but with the application being launched using Run As to run as the superuser?

Or does the superuser actually have to log in to run the application?

I think I already know the answer to this and I don't think it's going to be the one I wanted!

Thanks



  • Hi ,

    Yes, the application will run when launching it through Run As using a super admin account that has access to the allowed application. If you want to restrict this, you can add a policy on your GPO to remove the Run As option for those restricted users' accounts to avoid running the application through Run As.

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer

  • Thanks GlenSen,

    I actually don't want to restrict this - I want to allow some admins to be able to run a particular app, but only when run using their superuser accounts via Run As.

    I've set up the policy and applied it to the super users, and can select a super user in the Users area and see that the correct policy should be being applied, but I'm still getting the application blocked when doing Run As.  I'll have another look and log a call with Sophos Support if this is supposed to work as you've described.  Thanks for your help.

  • You're always welcome, and let us know as well if you require further assistance. In parallel, you may also check the policy applied on users/computers in your domain. Or it could be that "automatically deny elevation requests for standard users" is turned on in your policy. If so, then they can't run any program which requires elevation, even with the Run as administrator option.

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer

  • Hi Glenn,

    Support have replied to let me know Run As will not allow access.  I've copied their response below in case it helps someone else.

    Because you logged in with the users that have this app set as blocked, the devices are taking the policy settings of this user and this is why even if you try to run the app as another user, this will not work. You will need to log in with a different user in order for the devices to get a different policy.