make "run as a different user" default to MY admin account

Turn off UAC.  :P

It sortof defeats the purpose of having UAC if all you do is create ways that sidestep it.

Or, maybe I'm missing what you are asking?

Our local user accounts are not allowed to be an admin, however I need to make a lot of changes using an Admin account.

This would be an issue with or withour UAC, as the local user has not the rights needed to perform the task.  

It would still be somewhat secure, as the PW would still be required.  Slightly less secure though as the username would be there, but we have easy to guess user names anyhow.

Oh, I see.  Sorry...I really was missing something!  <grin>

Hrm...nothing off the top of my head.  Sorry...

go into the program compatibility settings and force it to run as an administrator

@David Johnson

While that would work to run it with elevated privileges, I think what he's looking for is a way to accomplish that when logged into a machine with an account that does NOT have local admin rights.

Your solution would not cover that situation.

You are thinking as I thought at first, this was UAC at work, but that's not what he's saying at all...

He's logging into a system, say, as a Power User, and then wanting to run something as an Administrator.

Or, maybe I'm missing something (I often do, plus I'm watching the UTenn ladies play, so...they are distracting!)

englanddg you are spot on.


'UserA' account logs in locally, but had no admin rights.  'UserA's owner also has a domain admin account 'AdminA'

So I must log in locally as 'UserA' (Policy prohibits using a domain admin account as your every day access account), but a lot of what I need to do for my job requires me to run programs as 'AdminA'

Any way to make this work?

With Powershell you can start a shell providing secure credentials (fixed and valid for a specific machine plus (source) account only), or let ask for the password.

That said, what is the issue with calling runas, which then starts a cmd prompt for that user?

Hello

I don't think this is possible to be done. What you can do is to create a shortcut to your mmc using runas command
runas /user:AdDomain\UserName mmc [password]

putting password in the bat is not really secure, but can be easy ...


Dan

dan_blagut,

runas does not allow to provide the password as parameter. And there is no mentioning of "mmc" anywhere.

If you have many programs to run with admin rights, that sounds as there is no point to require a non-admin login.
You can always elevate rights within a command window, and then run any program/application you want from the elevated rights window.

start command windows with using the run as administrator.
from this window you can start any program and it will run with elevated rights.

I think this will solve the need to run: instead of
start program 1 as administrator (provide login info)
start program 2 as administrator (provide login info)

start command as administrator (provide login info)
elevated command window opens: any command run here will be running with elevated rights,
               start program 1
               start program 2

Back in "the old days", I would just start up MMC, add all the snap-ins that I needed and saved it to the desktop. Then I would run that file as administrator and just leave it open all day.

Now that MS has switched to individual apps for many things (like System Centre), the above doesn't work as well any more, but in the advanced properties of the application console icons, I have checked the option to run as administrator. Saves a couple of clicks anyway.

Alternatively, if you are not allowed to use your admin account for everyday access, could you build a VM with all the management software you need on it?

Rich,

I like that solution and it works great, but I would prefer if it prompted for the PW rather than store it.

I used to be able to do this easily in XP, but haven't gotten a Windows 7 version of it working.

Set objpassword = CreateObject("ScriptPW.Password") 
WScript.StdOut.Write "Please enter your password:" 
password = objpassword.GetPassword()

Select allOpen in new window

Perfect.

I actually have an alternate idea which would work depending on what you are trying to do.  If your goal is to find a faster way to run / start apps as a different user, then this is what I use which should be faster than right clicking at all!

As I'm sure you know, you could create a batch file to launch any app as a different user.  The bad part about that is that your credentials would be stored in plain text.  A couple of years ago, I found CPAU.  CPAU is a tiny freeware command line tool which works around this issue.  Using a command line string, CPAU creates an encrypted ".job" file which stores the command to start the app plus the credentials you wish to use.  Once created, you simply run something like "cpau exmaple.job" and the app opens using the credentials you made the job file with.

Personally, I've created a .job file for each app I open as my service account.  I also create a batch file for each which runs the job file which I've added to Windows as shortcuts with custom icons.  Long story short, when I start certain apps on my PC now, they open using my alternate credentials which are perfectly safe and encrypted.

If this helps and you need help setting up the formatting, let me know.  Almost everything follows the same string format to create .job files except MMC apps which are a bit different.

Hope it helps!

I didn't thoroughly read all the answers, sorry about that, not much time atm.... You can create a group at the domain level, then use group policy to make that group a member of the local administrators group on the workstations. Then put your 'standard account' (Not the Domain Admin account), or create a user account explicitly for working on the systems in that group. When you log onto the systems as either that account you're an admin, or when you use their account, and 'run-as' use that account, and you are running the process as a local admin.