No edit summary |
No edit summary |
||
Line 104: | Line 104: | ||
</syntaxhighlight>References: | </syntaxhighlight>References: | ||
<references /> | <references /> | ||
[[Category:Execution]] |
Revision as of 10:16, 19 September 2023
Runas[1]
Execute a program under a different user account (non-elevated).
Syntax:
RUNAS [ [/noprofile | /profile] [/env] [/savecred | /netonly] ]
/user:UserName program
RUNAS [ [/noprofile | /profile] [/env] [/savecred] ]
/smartcard [/user:UserName] program
Display the trust levels that can be used:
RUNAS /showtrustlevels
Run a program at a given TrustLevel:
RUNAS /trustlevel:TrustLevel program
key
/noprofile Do not load the user's profile.
This causes the application to load more quickly, but
can cause some applications to malfunction.
/profile Load the user's profile. (default)
/env Use the current environment instead of user's.
/netonly Use the credentials for remote access only.
/savecred Use credentials previously saved by the user.
/smartcard Load the credentials from a smartcard.
/user UserName in the form USER@DOMAIN or DOMAIN\USER
/trustlevel Level One of levels enumerated in /showtrustlevels.
RunAs is not able to launch an application with an elevated
access token.
program The program to run.
Enter the password when prompted. Tips
/profile is not compatible with /netonly.
/savecred is not compatible with /smartcard.
When you start a program with RunAs /netonly, the program will execute on your local computer as the user
you are currently logged on as, but any connections to other computers on the network will be made
using the user account specified.
Without /netonly everything will run under the user account specified.
The RUNAS command unlike most other CMD and DOS commands requires that it’s command line is quoted,
it uses the regular C runtime library command line parser. This also means that RUNAS requires
the backslash \ as an escape character, not the standard ^ escape used by other CMD commands.
RunAs Reqires the "Secondary Logon" service to be running.
The error level %ERRORLEVEL% returned by RunAs: success = 0, failure = 1
Run with Elevated permissions
In Windows Vista and above, you can run a script with elevated permissions by right clicking and choosing "Run As Administrator"
The RunAs command predates elevation, so it has no switch for running an elevated command.
Alternatives: invoke the UAC dialogue by calling the VBScript function .ShellExecute
or call PowerShell.exe -Verb runAs
If you are already running elevated, for example an elevated CMD shell, then RUNAS will launch an application as elevated, but this is equally true just running a command without RUNAS, it makes no difference.
When a script is run with elevated permissions several aspects of the user environment will change: The current directory, the current TEMP folder and any mapped drives will be disconnected.
RunAs from Windows Explorer
Select an executable file, Shift-Right-click and select Run As..
This option can be hidden by setting
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HideRunAsVerb=1
RunAs to force a password Sync
If you are connecting to a remote network/VPN and the remote/domain password gets out of sync with the local machine, use RunAs to open a second prompt explicitly passing the domain and username to force a password sync.
runas /user:SS64Dom\User64 cmd.exe
Enter the domain password.
Wait a few minutes until you see the notification area pop-up: "Windows Needs Your Current
Credentials Please lock this computer, then unlock it using your most recent password or smart card.
Examples
#Run notepad.exe as the user Jdoe on domain SS64dom with no profile:
C:\> Runas /noprofile /user:SS64Dom\jDoe "notepad.exe"
#Run CMD.exe as the Administrator on the local machine Dellpc64:
C:\> Runas /profile /user:DELLPC64\administrator CMD
#Run Notepad.exe as 'Natasha' on domain SS64dom using the current environment, and open a file, escape the quote characters around the filename with \ :
C:\> Runas /profile /env /user:SS64Dom\natasha "notepad \"C:\work\demo file.txt\""
#Run Active Directory Users and Computers (dsa.msc) as the user Jdoe on domain SS64dom:
C:\> Runas /env /user:SS64Dom\jDoe "START %windir%\system32\dsa.msc"
<section end="runas" />
References: