JSI Tip 3286. Problems with the RunAs command after applying Windows 2000 SP1?


After you install Service Pack 1 on Windows 2000, the RunAS command may not function properly.

When you type runas /? at a CMD prompt, the following is displayed:

RUNAS USAGE:

RUNAS \[/profile\] \[/env\] \[/netonly\] /user:<UserName> program

   /profile        if the user's profile needs to be loaded
   /env            to use current environment instead of user's.
   /netonly        use if the credentials specified are for remote access only.
   /user            should be in form [email protected] or DOMAIN\USER
   program         command line for EXE.  See below for examples

Examples:
> runas /profile /user:mymachine\administrator cmd
> runas /profile /env /user:mydomain\admin "mmc %windir%\system32\dsa.msc"
> runas /env /user:[email protected] "notepad \"my file.txt\""

NOTE:  Enter user's password only when prompted.
NOTE:  [email protected] is not compatible with /netonly.
The format of the /user: entries are:

 [email protected]    

UPN (User Principal Name). 

 mydomain\admin 

Security Principal \ UserName syntax, where Security Principal is your down-level domain name. 

mymachine\administrator 

 Security Principal \ UserName syntax, where Security Principal is your local computer name. 
<UserName> 
 Plain UserName syntax, where the Security Principal is determined by the RunAs command, based upon whether the computer is a domain member or a standalone computer. 

If you use the UPN, the program starts, but you receive:

Microsoft Visual C++ Runtime Library
Runtime Error!
Program "path to executable"
abnormal program termination.
If you use the <UserName> syntax on a standalone computer, the same error occurs.

If you use the <UserName> syntax on a domain member or domain controller, you receive:

RUNAS ERROR: Unable to run - "command"
1326: Logon failure: unknown user name or bad password.
You may also experience these problems with MMC.EXE and Ntbackup.exe.

Occasionally, when the RunAS command tries to convert the UserName syntax to the Security Principal \ UserName syntax, it errors, failing to grant desktop access to the user.

The solution is to always use the Security Principal \ UserName syntax, forgoing the UPN and UserName syntax, until the problem is fixed in a future Service Pack.

NOTE: See tip 2548 » The Windows 2000 Runas utility.


Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish