Skip navigation

JSI Tip 2548. The Windows 2000 Runas utility.

The Runas utility is primarily designed to allow administrators to logon as an ordinary user, but to invoke a seconary logon, without logging off, in order to run administrative tools with administrator rights and permissions.

Each Administrator can have an ordinary account and an account that is a member of an administrators group, or they can all share an administrators account.

In addition to securing your system against an unintended action, secondary logons prevent a 'Trojan Horse' attack if you were using IE while accessing a non-trusted site.

Ordinary users can also use the Runas functionality, to start programs under different user contexts.

Examples

Opening a CMD prompt in the local Administrator context

Start / Run / Runas /user:<ComputerName>\administrator CMD will open a CMD Windows titled <ComputerName>\administrator and prompt for the Administrator's password. Any command-based programs will run in the <ComputerName>\administrator context.

NOTE: If you run any program that stores files in the per-user folders, use the /profile switch or they will be stored in the default user profile.

Running a Control Panel Tool in the local Administrator context.

Start / Settings / Control Panel and select the tool with a single left click. Hold down the SHIFT key and right-click the icon. Press Runas. Enter the credentials when prompted.

Starting a shortcut in the local Administrator context.

Hightlight the shortcut, hold down the SHIFT key and right-click the icon. Press Runas.

NOTE: You can use this technique on any registered file type, such as running Computer Management with a shortcut to %SystemRootA%\System32\compmgmt.msc.

NOTE: You can configure a shortcut to always use a secondary logon by opening the Properties page and clicking Run as different user.

Running the Windows Explorer Shell in local Administrator Context

Start Task Manager and press the Processes tab. Select Explorer.exe and press End Process and YES. Your desktop will disappear. Select the Programs tab and press New Task. Type:

Runas /user:<ComputerName>\administrator explorer.exe

and press OK. Enter the password.

The desktop will return.

When you are finished using this context, log off and a new explorer shell in the original context will start.

NOTE: The Runas service (SecLogon) must be started for Run as to function.


Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish