Always "run as" administrator - "run as..." function of W2K

Posted on 2004-09-12
Last Modified: 2008-11-22
i essentially want to know how to set up a shortcut to run a program EVERY TIME as administrator where the user DOES NOT have to input the password to authenticate the administrator...

please advise.

there's another question, in the XP section that is very similar, but with bad hyperlinks as the solution.  the question was 21009592.

Question by:fl4ian
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 3
  • +1

Assisted Solution

talphius earned 200 total points
ID: 12040768
Not aware of any way you can 'hard code' the password into a shortcut.  Even if this could be done, why would you want to do this?  What would prevent the user from modifying the shortcut to point to another application (any of the Admin tools for example), and then opening up and using those as admin?  Would kind of defeat the purpose of segregating roles, would it not? :)

Certainly you can setup the shortcut so that it is pre-filled with a username - see the below KB article;it;225035

Format is:
runas /user:machine\admin_user command
where machine is the name of your computer, admin_user is the username of the administrative user, and command is the command you want to be run
LVL 11

Accepted Solution

Quetzal earned 200 total points
ID: 12040857
do the runas command from a command prompt once with the /savecred switch.  It will remember the credentials thereafter.

Expert Comment

ID: 12046381
yeah right.... pleas use the /savecred switch. (No offence Quetzal)

From now on any webpage/javascript/vbscript/hacker and user can call :
CreateProcess("runas.exe", "/savecred /user:administrator \"cmd /c somecommand\"", ...)

This since savecred is NOT limited to the application where it was initially used for.
So after starting (for instance) the scannerapplication as admin with the /savecred switch,
the user can press winkey+r and run anything he/she wants as admin hereby VERY EFFECTIVELY bypassing all (local) security.

I have some tools that can do the job like sanur.
Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

LVL 11

Expert Comment

ID: 12050735
No offense AlfaLAN because you are right, /savecred is a huge security hole.  I never realized this nuance until now.  Thx.

I'm not sure that sanur is the answer though because you have to enter the password in plaintext.

I guess it just points up why it's not a good idea to let regular users have admin privileges, it's just not a good idea.

fl4ian, can you expand a little on what you are trying to accomplish?

Assisted Solution

AlfaLAN earned 100 total points
ID: 12059589
Thx Quetzal,

I reccommended a program like sanur.ex (or use su.exe or the latter version suss.exe available on the Resourcekit) becouse
this option is practical and for obvious reasons far better then the /savecred switch.
These tools should be used wisely together with a batchscript. And becouse everyone can read a batchscript (and thus the adminpassword) you should use a tool like battocom.exe or battoexe.exe to CONVERT the batchscript so a user cannot simply read your script (and passwords).

Another solution I personally like to use, is to write a simple vb program (compile to exe) wich opens a specified program using the impersonate functions (see: for more info on these functions...).

Instead of hardcoding admin/domain/password you could also create a commandlinetool wich could read (encrypted) info from file or registry or commandline (or combinations). Keep in mind that if you let adminname & Password read out of file/registry people can use filemon.exe or regmon.exe to trace your password....
So if you would create your own kind of su (wich can run any program using a defined user) would be a very big risk.
So hardcoding is the best way since it can run only a specified program for a specified user using a nonexternal username & password.

(see also:

Now there another trick that has come to my mind just now, so I haven't tried it yet...
If you would add a program to run as service, you can specify a username and password to run it as a different user...
Then define that the program does'nt start automatically but when needed.
Next create a shortcut wich invokes something like: 'net start specialprogram' and move it to the %userdir%\startmenu\programs.... of the users wich should have access to this shortcut.

Always keep in mind that every action that is done by the application wich is run as a different user, is done as that different user.
So if a user would execute (from that program) something like:
"%programfiles%\Internet Explorer\IEXPLORE.EXE -e %systemdrive%"
he would get explorerwindow with folders so also controlpanel, manage this computer, and everything as if he were admin...). Every program he runs from thereon is also ran as this other user. If he would browse the internet... you get it.
LVL 11

Expert Comment

ID: 12062885
AlfaLAN, excellent post.  I'm really glad to to have bumped into you here.  Thx for the info.

Expert Comment

ID: 12139803
Thank you! Out of own personal interest, can anybody top it off???
It's been quite quiet around this question for some time now...
& I'm eager to start using the searchfacility if U Know what I mean ;-)

Expert Comment

ID: 12148152
You could also go for Runas Professional:

Or a 'simplified' scripting solution like I mentioned using:

Author Comment

ID: 12153112
i ended up creating an additional admin account and setting that password to the same one that the user usually uses to log in.

when they run the program shortcut (with the save-as switch), they have to enter the password (which is the same as the general login).

1) i implemented this after reading the first comment.
2) i haven't been back at this site yet to do more experimentation
3) alphalan, you definitely know you're stuff, but i wonder if i need to go to such a degree when savecred is easy.  espeically with a small office (less than 8 people, none of which are tech savvy), and behind a firebox...

as a result i'm splitting/adding points.

Author Comment

ID: 12153129
apparently, i can't add more points since it's alread at 500, sorry.

Expert Comment

ID: 12178925
1) Whoow!!! Good on you! Hope putting /savecred behind a shortcut did'nt take up to much of your time...
2) If you would have read the site-rules you know you don't abandon a post for almost 2 weeks..
3) My name is ALFALAN!!!!!!!!!  And if you would have actually participated in your topic, and READ the comments you would most defenetly not ask your third question since it is already extensively awnsered.

"i ended up creating an additional admin account and setting that password to the same one that the user usually uses to log in....?!?!?!?!" Why not give the user the adminpassword instead of creating an additional security-risk????

It is also easy NOT to lock your frontdoor; You don't need those bloody key's, you don't need to get up to open the door to visitors and so on...

PS: your firebox ain't gonna blok malicious webscripts/email (just to mention some everyday risks) (GRIN :-) )....
I write them to (for intranet-support-applications) and can assure you I can modify almost anything on your computer through a vbs/js/activex (and now experimenting with flashscript to hide my source) in html. How did you think browserhijacking (for example) works ???

PS2: the most irritating part however is that you start realising what you are doing, and/or if you would simply take the effort + 15 mins of your time to test one of the other solutions, I know for shure you will stop using this solution, and start using one of mine (probably suss.exe). And in that case: Where are my earned points?

Author Comment

ID: 12217822

1) get over yourself.
2) read number 2 of my second to last comment.

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
This article describes how to import Lotus Notes Contacts into Outlook 2016, 2013, 2010 and 2007 etc. with a few manual steps. You can easily export and migrate Lotus Notes contacts into Microsoft Outlook without having to use any third party tools.
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question