A Windows Vista forum. Vista Banter

Welcome to Vista Banter.

You are currently viewing our boards as a guest which gives you limited access to view most discussions, articles and access our other FREE features. By joining our free community you will have access to ask questions and reply to others posts, upload your own photos and access many other special features. Registration is fast, simple and absolutely free so please, join our community today!

If you have any problems with the registration process or your account login, please contact contact support.

Go Back   Home » Vista Banter forum » Microsoft Windows Vista » Security and Windows Vista
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

Security and Windows Vista A forum for discussion on security issues with Windows Vista. (microsoft.public.windows.vista.security)

Run as instead of Run as Adminstrator



 
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old January 15th 07, 03:11 PM posted to microsoft.public.windows.vista.security
Guest
 
Posts: n/a
Default Run as instead of Run as Adminstrator

Hello,

Local admins only get the option to "Run as Admin" when using right-click,
which uses the account with admin rights they are logged in with. How can we
enable them to choose an alternative domain account with priviledges for
like running Exchange or AD admin tools on administrative workstations?

Thx!

Cheers


  #2 (permalink)  
Old January 15th 07, 04:39 PM posted to microsoft.public.windows.vista.security
Joe Richards [MVP]
external usenet poster
 
Posts: 19
Default Run as instead of Run as Adminstrator

Use runas executable from the command prompt.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


alias wrote:
Hello,

Local admins only get the option to "Run as Admin" when using right-click,
which uses the account with admin rights they are logged in with. How can we
enable them to choose an alternative domain account with priviledges for
like running Exchange or AD admin tools on administrative workstations?

Thx!

Cheers


  #3 (permalink)  
Old January 15th 07, 05:11 PM posted to microsoft.public.windows.vista.security
Guest
 
Posts: n/a
Default Run as instead of Run as Adminstrator

Yes, sure that works, making custom shortcuts etc ... but is there any way
to add it to the contect menu using the registry a lot of folks would
appreciate that.

Cheers


"Joe Richards [MVP]" wrote in message
...
Use runas executable from the command prompt.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


alias wrote:
Hello,

Local admins only get the option to "Run as Admin" when using
right-click, which uses the account with admin rights they are logged in
with. How can we enable them to choose an alternative domain account with
priviledges for like running Exchange or AD admin tools on administrative
workstations?

Thx!

Cheers



  #5 (permalink)  
Old January 15th 07, 09:32 PM posted to microsoft.public.windows.vista.security
Jesper
external usenet poster
 
Posts: 839
Default Run as instead of Run as Adminstrator

Actually, there is, sort of. I wrote a couple of shell add-ons for the old
command prompt here to get an elevated command prompt. The same process can
be used here. If you export this to a reg file and import it, you will get a
Run As this app on the context menu for executables
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\cRunas]
@="Run As this app"

[HKEY_CLASSES_ROOT\exefile\shell\cRunas\command]
@="runas.exe /user:ant\\jesperAD \"%1\""

If you want the old command prompt here, you import this file:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Directory\shell\CmdHere]
@="Command Prompt Here"

[HKEY_CLASSES_ROOT\Directory\shell\CmdHere\command]
@="cmd.exe /k cd \"%1\""

Both of these will be running with the normal token for that user. In other
words, if you runas an admin in admin approval mode, you get a low admin
token. To get an elevated token you would need an app that can elevate
arbitrary processes on the command line. I wrote one of those for the Windows
Vista Security book, but it is not quite ready for prime time yet.

"Joe Richards [MVP]" wrote:

Not that I am aware of.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


alias wrote:
Yes, sure that works, making custom shortcuts etc ... but is there any way
to add it to the contect menu using the registry a lot of folks would
appreciate that.

Cheers


"Joe Richards [MVP]" wrote in message
...
Use runas executable from the command prompt.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


alias wrote:
Hello,

Local admins only get the option to "Run as Admin" when using
right-click, which uses the account with admin rights they are logged in
with. How can we enable them to choose an alternative domain account with
priviledges for like running Exchange or AD admin tools on administrative
workstations?

Thx!

Cheers




  #6 (permalink)  
Old January 15th 07, 09:34 PM posted to microsoft.public.windows.vista.security
Jesper
external usenet poster
 
Posts: 839
Default Run as instead of Run as Adminstrator

Shoulda mentioned that you need to hard-code the username in there, and
remove the one I put in which is a dummy test account.

"Jesper" wrote:

Actually, there is, sort of. I wrote a couple of shell add-ons for the old
command prompt here to get an elevated command prompt. The same process can
be used here. If you export this to a reg file and import it, you will get a
Run As this app on the context menu for executables
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\cRunas]
@="Run As this app"

[HKEY_CLASSES_ROOT\exefile\shell\cRunas\command]
@="runas.exe /user:ant\\jesperAD \"%1\""

If you want the old command prompt here, you import this file:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Directory\shell\CmdHere]
@="Command Prompt Here"

[HKEY_CLASSES_ROOT\Directory\shell\CmdHere\command]
@="cmd.exe /k cd \"%1\""

Both of these will be running with the normal token for that user. In other
words, if you runas an admin in admin approval mode, you get a low admin
token. To get an elevated token you would need an app that can elevate
arbitrary processes on the command line. I wrote one of those for the Windows
Vista Security book, but it is not quite ready for prime time yet.

"Joe Richards [MVP]" wrote:

Not that I am aware of.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


alias wrote:
Yes, sure that works, making custom shortcuts etc ... but is there any way
to add it to the contect menu using the registry a lot of folks would
appreciate that.

Cheers


"Joe Richards [MVP]" wrote in message
...
Use runas executable from the command prompt.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


alias wrote:
Hello,

Local admins only get the option to "Run as Admin" when using
right-click, which uses the account with admin rights they are logged in
with. How can we enable them to choose an alternative domain account with
priviledges for like running Exchange or AD admin tools on administrative
workstations?

Thx!

Cheers



  #7 (permalink)  
Old January 16th 07, 12:16 AM posted to microsoft.public.windows.vista.security
Joe Richards [MVP]
external usenet poster
 
Posts: 19
Default Run as instead of Run as Adminstrator

Certainly an option but I would way go for using the cmd prompt and
running runas there. Likely I could start up an admin tool faster that
way then someone could do it via the GUI anyway.


--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


Jesper wrote:
Shoulda mentioned that you need to hard-code the username in there, and
remove the one I put in which is a dummy test account.

"Jesper" wrote:

Actually, there is, sort of. I wrote a couple of shell add-ons for the old
command prompt here to get an elevated command prompt. The same process can
be used here. If you export this to a reg file and import it, you will get a
Run As this app on the context menu for executables
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\cRunas]
@="Run As this app"

[HKEY_CLASSES_ROOT\exefile\shell\cRunas\command]
@="runas.exe /user:ant\\jesperAD \"%1\""

If you want the old command prompt here, you import this file:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Directory\shell\CmdHere]
@="Command Prompt Here"

[HKEY_CLASSES_ROOT\Directory\shell\CmdHere\command]
@="cmd.exe /k cd \"%1\""

Both of these will be running with the normal token for that user. In other
words, if you runas an admin in admin approval mode, you get a low admin
token. To get an elevated token you would need an app that can elevate
arbitrary processes on the command line. I wrote one of those for the Windows
Vista Security book, but it is not quite ready for prime time yet.

"Joe Richards [MVP]" wrote:

Not that I am aware of.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


alias wrote:
Yes, sure that works, making custom shortcuts etc ... but is there any way
to add it to the contect menu using the registry a lot of folks would
appreciate that.

Cheers


"Joe Richards [MVP]" wrote in message
...
Use runas executable from the command prompt.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


alias wrote:
Hello,

Local admins only get the option to "Run as Admin" when using
right-click, which uses the account with admin rights they are logged in
with. How can we enable them to choose an alternative domain account with
priviledges for like running Exchange or AD admin tools on administrative
workstations?

Thx!

Cheers

  #8 (permalink)  
Old January 16th 07, 03:50 AM posted to microsoft.public.windows.vista.security
Jesper
external usenet poster
 
Posts: 839
Default Run as instead of Run as Adminstrator

No doubt an elevated command prompt is far faster when you need to run
several tasks. That's why I liked the idea of being able to right-click a
folder and open an elevated command prompt there.

"Joe Richards [MVP]" wrote:

Certainly an option but I would way go for using the cmd prompt and
running runas there. Likely I could start up an admin tool faster that
way then someone could do it via the GUI anyway.


--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


Jesper wrote:
Shoulda mentioned that you need to hard-code the username in there, and
remove the one I put in which is a dummy test account.

"Jesper" wrote:

Actually, there is, sort of. I wrote a couple of shell add-ons for the old
command prompt here to get an elevated command prompt. The same process can
be used here. If you export this to a reg file and import it, you will get a
Run As this app on the context menu for executables
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\cRunas]
@="Run As this app"

[HKEY_CLASSES_ROOT\exefile\shell\cRunas\command]
@="runas.exe /user:ant\\jesperAD \"%1\""

If you want the old command prompt here, you import this file:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Directory\shell\CmdHere]
@="Command Prompt Here"

[HKEY_CLASSES_ROOT\Directory\shell\CmdHere\command]
@="cmd.exe /k cd \"%1\""

Both of these will be running with the normal token for that user. In other
words, if you runas an admin in admin approval mode, you get a low admin
token. To get an elevated token you would need an app that can elevate
arbitrary processes on the command line. I wrote one of those for the Windows
Vista Security book, but it is not quite ready for prime time yet.

"Joe Richards [MVP]" wrote:

Not that I am aware of.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


alias wrote:
Yes, sure that works, making custom shortcuts etc ... but is there any way
to add it to the contect menu using the registry a lot of folks would
appreciate that.

Cheers


"Joe Richards [MVP]" wrote in message
...
Use runas executable from the command prompt.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


alias wrote:
Hello,

Local admins only get the option to "Run as Admin" when using
right-click, which uses the account with admin rights they are logged in
with. How can we enable them to choose an alternative domain account with
priviledges for like running Exchange or AD admin tools on administrative
workstations?

Thx!

Cheers


  #9 (permalink)  
Old February 14th 07, 11:13 PM posted to microsoft.public.windows.vista.security
Gerry Hickman
external usenet poster
 
Posts: 116
Default Run as instead of Run as Adminstrator

Hi Joe,

If I try this logged in as a user who is a member of the Administrators
group, the RunAs command does NOT allow elevation. For example if I log
in as MACHINE\LocalAdmin (with UAC enabled) then start a command prompt
as "Administrator", then try to RUNAS gpmc and enter my domain admin
credentials, it's gives an error saying it can't elevate...

Joe Richards [MVP] wrote:
Certainly an option but I would way go for using the cmd prompt and
running runas there. Likely I could start up an admin tool faster that
way then someone could do it via the GUI anyway.


--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


Jesper wrote:
Shoulda mentioned that you need to hard-code the username in there,
and remove the one I put in which is a dummy test account.
"Jesper" wrote:

Actually, there is, sort of. I wrote a couple of shell add-ons for
the old command prompt here to get an elevated command prompt. The
same process can be used here. If you export this to a reg file and
import it, you will get a Run As this app on the context menu for
executables
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\cRunas]
@="Run As this app"

[HKEY_CLASSES_ROOT\exefile\shell\cRunas\command]
@="runas.exe /user:ant\\jesperAD \"%1\""

If you want the old command prompt here, you import this file:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Directory\shell\CmdHere]
@="Command Prompt Here"

[HKEY_CLASSES_ROOT\Directory\shell\CmdHere\command]
@="cmd.exe /k cd \"%1\""

Both of these will be running with the normal token for that user. In
other words, if you runas an admin in admin approval mode, you get a
low admin token. To get an elevated token you would need an app that
can elevate arbitrary processes on the command line. I wrote one of
those for the Windows Vista Security book, but it is not quite ready
for prime time yet.
"Joe Richards [MVP]" wrote:

Not that I am aware of.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


alias wrote:
Yes, sure that works, making custom shortcuts etc ... but is there
any way to add it to the contect menu using the registry a lot of
folks would appreciate that.

Cheers


"Joe Richards [MVP]" wrote in message
...
Use runas executable from the command prompt.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


alias wrote:
Hello,

Local admins only get the option to "Run as Admin" when using
right-click, which uses the account with admin rights they are
logged in with. How can we enable them to choose an alternative
domain account with priviledges for like running Exchange or AD
admin tools on administrative workstations?

Thx!

Cheers



--
Gerry Hickman (London UK)
  #10 (permalink)  
Old February 15th 07, 01:55 AM posted to microsoft.public.windows.vista.security
Daniel Côté
external usenet poster
 
Posts: 19
Default Run as instead of Run as Adminstrator

same issue here. Can,t elevate with the RUN AS ADMIN command. What gives ?

Dan
Sudbury, Canada
 




Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT. The time now is 12:06 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.Search Engine Optimization by vBSEO 3.0.0 RC6
Copyright ©2004-2024 Vista Banter.
The comments are property of their posters.