Always "run as" administrator - "run as..." function of W2K

i essentially want to know how to set up a shortcut to run a program EVERY TIME as administrator where the user DOES NOT have to input the password to authenticate the administrator...

please advise.

there's another question, in the XP section that is very similar, but with bad hyperlinks as the solution.  the question was 21009592.

Who is Participating?
QuetzalConnect With a Mentor Commented:
do the runas command from a command prompt once with the /savecred switch.  It will remember the credentials thereafter.
talphiusConnect With a Mentor Commented:
Not aware of any way you can 'hard code' the password into a shortcut.  Even if this could be done, why would you want to do this?  What would prevent the user from modifying the shortcut to point to another application (any of the Admin tools for example), and then opening up and using those as admin?  Would kind of defeat the purpose of segregating roles, would it not? :)

Certainly you can setup the shortcut so that it is pre-filled with a username - see the below KB article;it;225035

Format is:
runas /user:machine\admin_user command
where machine is the name of your computer, admin_user is the username of the administrative user, and command is the command you want to be run
yeah right.... pleas use the /savecred switch. (No offence Quetzal)

From now on any webpage/javascript/vbscript/hacker and user can call :
CreateProcess("runas.exe", "/savecred /user:administrator \"cmd /c somecommand\"", ...)

This since savecred is NOT limited to the application where it was initially used for.
So after starting (for instance) the scannerapplication as admin with the /savecred switch,
the user can press winkey+r and run anything he/she wants as admin hereby VERY EFFECTIVELY bypassing all (local) security.

I have some tools that can do the job like sanur.
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

No offense AlfaLAN because you are right, /savecred is a huge security hole.  I never realized this nuance until now.  Thx.

I'm not sure that sanur is the answer though because you have to enter the password in plaintext.

I guess it just points up why it's not a good idea to let regular users have admin privileges, it's just not a good idea.

fl4ian, can you expand a little on what you are trying to accomplish?
AlfaLANConnect With a Mentor Commented:
Thx Quetzal,

I reccommended a program like sanur.ex (or use su.exe or the latter version suss.exe available on the Resourcekit) becouse
this option is practical and for obvious reasons far better then the /savecred switch.
These tools should be used wisely together with a batchscript. And becouse everyone can read a batchscript (and thus the adminpassword) you should use a tool like battocom.exe or battoexe.exe to CONVERT the batchscript so a user cannot simply read your script (and passwords).

Another solution I personally like to use, is to write a simple vb program (compile to exe) wich opens a specified program using the impersonate functions (see: for more info on these functions...).

Instead of hardcoding admin/domain/password you could also create a commandlinetool wich could read (encrypted) info from file or registry or commandline (or combinations). Keep in mind that if you let adminname & Password read out of file/registry people can use filemon.exe or regmon.exe to trace your password....
So if you would create your own kind of su (wich can run any program using a defined user) would be a very big risk.
So hardcoding is the best way since it can run only a specified program for a specified user using a nonexternal username & password.

(see also:

Now there another trick that has come to my mind just now, so I haven't tried it yet...
If you would add a program to run as service, you can specify a username and password to run it as a different user...
Then define that the program does'nt start automatically but when needed.
Next create a shortcut wich invokes something like: 'net start specialprogram' and move it to the %userdir%\startmenu\programs.... of the users wich should have access to this shortcut.

Always keep in mind that every action that is done by the application wich is run as a different user, is done as that different user.
So if a user would execute (from that program) something like:
"%programfiles%\Internet Explorer\IEXPLORE.EXE -e %systemdrive%"
he would get explorerwindow with folders so also controlpanel, manage this computer, and everything as if he were admin...). Every program he runs from thereon is also ran as this other user. If he would browse the internet... you get it.
AlfaLAN, excellent post.  I'm really glad to to have bumped into you here.  Thx for the info.
Thank you! Out of own personal interest, can anybody top it off???
It's been quite quiet around this question for some time now...
& I'm eager to start using the searchfacility if U Know what I mean ;-)
You could also go for Runas Professional:

Or a 'simplified' scripting solution like I mentioned using:
fl4ianAuthor Commented:
i ended up creating an additional admin account and setting that password to the same one that the user usually uses to log in.

when they run the program shortcut (with the save-as switch), they have to enter the password (which is the same as the general login).

1) i implemented this after reading the first comment.
2) i haven't been back at this site yet to do more experimentation
3) alphalan, you definitely know you're stuff, but i wonder if i need to go to such a degree when savecred is easy.  espeically with a small office (less than 8 people, none of which are tech savvy), and behind a firebox...

as a result i'm splitting/adding points.
fl4ianAuthor Commented:
apparently, i can't add more points since it's alread at 500, sorry.
1) Whoow!!! Good on you! Hope putting /savecred behind a shortcut did'nt take up to much of your time...
2) If you would have read the site-rules you know you don't abandon a post for almost 2 weeks..
3) My name is ALFALAN!!!!!!!!!  And if you would have actually participated in your topic, and READ the comments you would most defenetly not ask your third question since it is already extensively awnsered.

"i ended up creating an additional admin account and setting that password to the same one that the user usually uses to log in....?!?!?!?!" Why not give the user the adminpassword instead of creating an additional security-risk????

It is also easy NOT to lock your frontdoor; You don't need those bloody key's, you don't need to get up to open the door to visitors and so on...

PS: your firebox ain't gonna blok malicious webscripts/email (just to mention some everyday risks) (GRIN :-) )....
I write them to (for intranet-support-applications) and can assure you I can modify almost anything on your computer through a vbs/js/activex (and now experimenting with flashscript to hide my source) in html. How did you think browserhijacking (for example) works ???

PS2: the most irritating part however is that you start realising what you are doing, and/or if you would simply take the effort + 15 mins of your time to test one of the other solutions, I know for shure you will stop using this solution, and start using one of mine (probably suss.exe). And in that case: Where are my earned points?
fl4ianAuthor Commented:

1) get over yourself.
2) read number 2 of my second to last comment.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.