Secondary Logon

In previous columns, I've written about Windows 2000 features that make the OS more secure than Windows NT 4.0. Such features include tighter default security, Group Policy, Kerberos, and Active Directory (AD). Last week, I wrote about Win2K's Encrypting File System (EFS) and how that feature protects your files and folders on NTFS volumes, even if your machine or the hard disk falls into the wrong hands.

Another security feature to add to this list is secondary logon, which lets you launch any program from a standard user account to perform administrative tasks. Secondary logon is convenient because it lets administrators avoid logging off and back on to a client system to perform administration.

Instead of logging off and logging back on as an administrator, many NT administrators would simply log on with an account that has administrative capabilities—a practice that presents some obvious security risks. First, it increases the number of administrative accounts on your network, any one of which an attacker can compromise, with dire consequences. Second, using an account with administrative capabilities to perform user activities opens the machine to Trojan Horse attacks. Any Web site can contain Trojan Horse code, and when such code runs in the context of a user who has administrative privileges, the code can perform many destructive functions—from deleting files to creating new administrative accounts that can further compromise the system.

Secondary logon uses the Run As service, which is installed and configured to start automatically on Win2K machines. The easiest way to launch a program using secondary logon is to right-click the application name in your Programs menu while holding the Shift key. You can then choose Run As and enter the username and password for the account that you want to run the program under, as Figure 1 shows. You can also create a shortcut to a program and modify its properties so that it launches under a different user account, as Figure 2 shows. Then, when you click the shortcut, the system will prompt you for a username and password before running the program. Finally, you can use the Runas command to launch a program as a different user. To do so, go to a command prompt and enter the command using the context runas /user:user_name program_name.

As you can see, Win2K's secondary logon feature is easy to use. If you use secondary logon consistently instead of logging on with an account that has administrative privileges, you can help keep your network a little more secure.