Runas command-line tool

The Runas command is a great command-line tool that gives you the capability to run applications using the credentials of another user but watch out as you may be compromising security of the Windows 7 system. For instance, with the Runas command you can allow a standard user on a Windows 7 system to run applications that require administrator privileges.

The syntax of this command is best described using an example, for example, to run the program myapp.exe with some parameters /options, as user John use the following command:

runas /user:John “myapp.exe /options”

However, note that when you issue this command, you need to enter the password of John. Then, the application would run in John’s security context. The default setting loads the target user’s profile while, you can use the /profile option to make sure that the user profile is loaded. On the other hand, the /noprofile option stops the user profile from being loaded. To overcome the need of entering the target user’s password every time you run the command, you can use the /savecred option.

The /savecred option allows you to save the credentials of the target user account. You have to enter the password the first time you use the /savecred option. The saved credentials are stored within the Windows Vault and can be managed using Credential Manager. To use the runas with the /savecred option, use the command:

runas /savecred /user:John name “myapp.exe /option”

Note, that you cannot use the Runas command to execute an application that requires elevation if the target user account is configured to prompt for consent or prompt for credentials! You can use the Runas command to execute an application that requires elevation if the target user account is the built-in administrator account. Remember, that the built-in account is disabled by default but it can be enabled through Group Policy. Then you can use the /savecred option to save the local administrator account credentials so that they can be used automatically in the future. For example, you can run the Local Group Policy editor console from a standard user account as follows:

runas /user:administrator “mmc gpedit.msc”

Note, that saving the local administrator account credentials in the Windows Vault may pose a security risk so be careful when doing this.
(Source: http://www.sevenforums.com/)

Advertisements

2 thoughts on “Runas command-line tool

  1. An outstanding share! I’ve just forwarded this onto a friend who has been conducting a little research on this. And he actually bought me dinner because I discovered it for him… lol. So allow me to reword this…. Thank YOU for the meal!! But yeah, thanx for spending some time to discuss this matter here on your site.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s