RE: Prevent users from impersonating sysadmin using runas /netonly

  • robbase9 (7/25/2012)


    So I just learned that some of our users are using a VM to impersonate a sysadmin and logging into SSMS using the command:

    runas /netonly /user:domain\username "C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\Ssms.exe"

    So the only thing that is needed to run as a sysadmin is to know the users' login?

    How is this possible and how do I prevent it?

    runas will prompt for the password of the account specified after /user:, i.e. whoever is using runas to open SSMS also must know the password for domain\username in order to launch SSMS. Try it yourself.

    There are no special teachers of virtue, because virtue is taught by the whole community.
    --Plato
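
A query for seeing which client machines the sysadmin sessions discussed in this thread are coming from, added here as an example and not part of the original posts. It assumes the caller has VIEW SERVER STATE permission; a connection opened through runas /netonly shows up under the domain\username login but with the address of the machine it was started on.

```sql
-- Added example: list current user sessions whose login is a member of
-- sysadmin, together with the client each session connected from.
-- Assumes VIEW SERVER STATE permission on the instance.
SELECT  s.session_id,
        s.login_name,
        s.nt_domain,
        s.nt_user_name,
        s.host_name,            -- workstation name reported by the client (client-supplied)
        c.client_net_address,   -- network address the server saw for the connection
        c.auth_scheme,          -- NTLM, KERBEROS or SQL
        s.program_name,         -- e.g. Management Studio
        s.login_time
FROM    sys.dm_exec_sessions    AS s
JOIN    sys.dm_exec_connections AS c
        ON c.session_id = s.session_id
WHERE   s.is_user_process = 1
        -- May return NULL for a login whose role membership cannot be resolved;
        -- such rows are filtered out here.
  AND   IS_SRVROLEMEMBER('sysadmin', s.login_name) = 1
ORDER BY s.login_name, s.login_time;
```

A sysadmin login appearing from an address that is not the account owner's workstation means someone else has that account's password.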