So I just learned that some of our users are using a VM to impersonate a sysadmin and logging into SSMS using the command:
runas /netonly /user:domain\username "C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\Ssms.exe"
So the only thing that is needed to run as a sysadmin is to know the user's login?
How is this possible and how do I prevent it?
runas will prompt for the password of the account specified after /user:, i.e. whoever is using runas to open SSMS must also know the password for domain\username in order to launch SSMS. Try it yourself.
__________________________________________________________________________________________________
There are no special teachers of virtue, because virtue is taught by the whole community. --Plato