runas, sum of rights?

A program must run as a local admin on a client AND
with rights granted by a script account.

How can I start this program in the login script?

The user is a local administrator.  

I'm looking runas.  If I use it and use the script account,
will local admin rights sum with the script account rights?

Who is Participating?
Aland CoonsConnect With a Mentor Systems EngineerCommented:
To answer your question there is no SUM of rights.  The process will run with THE rights ONLY of the one logged in to the process.  If SYSTEM then SYSTEM, if scripted then USER, if runas LOCAL_ADMIN then LOCAL_ADMIN but there is no mixed mode. Each process executes under it's own specified user rights.
Pete LongTechnical ConsultantCommented:
Hi hank1,
why not run it as a service, then you can runit under whatever account you like?

How to run a program as a Service

The Windows NT Resource Kit provides two utilities that allow you to create a Windows NT user-defined service for Windows NT applications and some 16-bit applications (but not for batch files).

Instrsrv.exe installs and removes system services from Windows NT and Srvany.exe allows any Windows NT application to run as a service.

HOWTO: Create a User-Defined Service;en-us;137890


To remotely create and start a service from the command line, you can use the SC tool (Sc.exe) included in the Resource Kit.

Although you can use the Netsvc.exe and Instsrv.exe tools to start a service on a remote computer, these tools do not give you the ability to remotely create a service.

How to Create a Windows Service Using Sc.exe

**********Third Party Solutions**********

Service Mill from
FireDaemon from


hank1Author Commented:
That's an alternative.  Do you have a handle
on this rights deal?  Does it sum?
We Need Your Input!

WatchGuard is currently running a beta program for our new macOS Host Sensor for our Threat Detection and Response service. We're looking for more macOS users to help provide insight and feedback to help us make the product even better. Please sign up for our beta program today!

Pete LongTechnical ConsultantCommented:
to use run as you might be able to script it but it would mean having the password in the script which aint very secure :(
hank1Author Commented:
That's why we have a script account with limited

Unix has a 'sticky' bit that allows these kinds of
things.  Service is the only way?
Pete LongTechnical ConsultantCommented:
aaah the sticky bit <pete gets all nostagic aout his HPUX day>

Id plumb for a service and run it under the system account then if the local admin password is changed it wont fall over
Aland CoonsSystems EngineerCommented:
One way to get SYSTEM level rights or execute with specific user rights are to create it as a SERVICE.

The other is is RUNAS
The RunAs program runs a program as a different user, requiring the correct domain, user name, and password.
The user will be prompted for any REQUIRED value that was not entered on the command line.

runas /U username /P password /D domainname /E exename /A arguments [/W] [/I] [/?]

/U username Gets user name as input
/P password Gets new password as input
/D domainname Gets domain name as input
/E exename Gets program (.exe) name with full path
/A arguments Arguments to pass program. This MUST be the last argument on the command line.
/I Interactive Mode
/W WAIT for Process Exit
/? Displays text help file
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.