What if you launch the command prompt elevated and that is where you use
runas to fire gpmc...



--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


Gerry Hickman wrote:
Hi Joe,

If I try this logged in as a user who is a member of the Administrators
group, the RunAs command does NOT allow elevation. For example if I log
in as MACHINE\LocalAdmin (with UAC enabled) then start a command prompt
as "Administrator", then try to RUNAS gpmc and enter my domain admin
credentials, it's gives an error saying it can't elevate...

Joe Richards [MVP] wrote:
Certainly an option but I would way go for using the cmd prompt and
running runas there. Likely I could start up an admin tool faster that
way then someone could do it via the GUI anyway.


--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


Jesper wrote:
Shoulda mentioned that you need to hard-code the username in there,
and remove the one I put in which is a dummy test account.
"Jesper" wrote:

Actually, there is, sort of. I wrote a couple of shell add-ons for
the old command prompt here to get an elevated command prompt. The
same process can be used here. If you export this to a reg file and
import it, you will get a Run As this app on the context menu for
executables
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\cRunas]
@="Run As this app"

[HKEY_CLASSES_ROOT\exefile\shell\cRunas\command]
@="runas.exe /user:ant\\jesperAD \"%1\""

If you want the old command prompt here, you import this file:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Directory\shell\CmdHere]
@="Command Prompt Here"

[HKEY_CLASSES_ROOT\Directory\shell\CmdHere\command]
@="cmd.exe /k cd \"%1\""

Both of these will be running with the normal token for that user.
In other words, if you runas an admin in admin approval mode, you
get a low admin token. To get an elevated token you would need an
app that can elevate arbitrary processes on the command line. I
wrote one of those for the Windows Vista Security book, but it is
not quite ready for prime time yet.
"Joe Richards [MVP]" wrote:

Not that I am aware of.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


alias wrote:
Yes, sure that works, making custom shortcuts etc ... but is there
any way to add it to the contect menu using the registry a lot of
folks would appreciate that.

Cheers


"Joe Richards [MVP]" wrote in message
...
Use runas executable from the command prompt.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


alias wrote:
Hello,

Local admins only get the option to "Run as Admin" when using
right-click, which uses the account with admin rights they are
logged in with. How can we enable them to choose an alternative
domain account with priviledges for like running Exchange or AD
admin tools on administrative workstations?

Thx!

Cheers

here is how to change that behavior

http://www.windowsconnected.com/blog...nistrator.aspx

josh
http://windowsconnected.com

"Daniel Côté" wrote in message
...
same issue here. Can,t elevate with the RUN AS ADMIN command. What gives ?
Dan
Sudbury, Canada