Thread: Run as instead of Run as Adminstrator
View Single Post
  #5 (permalink)  
Old January 15th 07, 08:32 PM posted to microsoft.public.windows.vista.security
Jesper
external usenet poster
  
Posts: 839
Default Run as instead of Run as Adminstrator
Actually, there is, sort of. I wrote a couple of shell add-ons for the old
command prompt here to get an elevated command prompt. The same process can
be used here. If you export this to a reg file and import it, you will get a
Run As this app on the context menu for executables
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\cRunas]
@="Run As this app"

[HKEY_CLASSES_ROOT\exefile\shell\cRunas\command]
@="runas.exe /user:ant\\jesperAD \"%1\""

If you want the old command prompt here, you import this file:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Directory\shell\CmdHere]
@="Command Prompt Here"

[HKEY_CLASSES_ROOT\Directory\shell\CmdHere\command]
@="cmd.exe /k cd \"%1\""

Both of these will be running with the normal token for that user. In other
words, if you runas an admin in admin approval mode, you get a low admin
token. To get an elevated token you would need an app that can elevate
arbitrary processes on the command line. I wrote one of those for the Windows
Vista Security book, but it is not quite ready for prime time yet.

"Joe Richards [MVP]" wrote:

Not that I am aware of.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


alias wrote:
Yes, sure that works, making custom shortcuts etc ... but is there any way
to add it to the contect menu using the registry a lot of folks would
appreciate that.

Cheers


"Joe Richards [MVP]" wrote in message
...
Use runas executable from the command prompt.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


alias wrote:
Hello,

Local admins only get the option to "Run as Admin" when using
right-click, which uses the account with admin rights they are logged in
with. How can we enable them to choose an alternative domain account with
priviledges for like running Exchange or AD admin tools on administrative
workstations?

Thx!

Cheers