Solved

Run As prompt to elevate to a domain account in Vista

Posted on 2007-11-27
5
1,972 Views
Last Modified: 2013-11-29
Okay, so I've searched the internet all over the damn place trying to figure out this aggravating usage problem I'm having with Vista but it seems impossible to sepearate details on Run As and Vista from someone discovering UAC in Vista for the umpteenth time. In our domain we follow recommended security guidelines of elevating to domain admin privledges using the Run As...(Shift + Right Click) for specific domain admins utilities. This would always cause a prompt in XP which let me type in my admin credentials. However, with Vista, this Run As... option is simply assumed now to be "Run As administrator" even when I turn off UAC. Any ideas how to override the default and have it prompt for the account instead of simply defaulting to a local one? Thanks.
0
Comment
Question by:Bluespring
5 Comments
 
LVL 2

Accepted Solution

by:
lcit earned 300 total points
ID: 20360724
On my particular computer, I'm running Vista Business and I am a local administrator.  Run gpedit.exe as administrator.  Look under Computer Configuration, Windows Settings, Security Settings, Local Policies, Security Options.  There are a couple of items in there like "User Account Control: Behavior of the elevation prompt..." The one for regular users on mine was set to "prompt for credentials" the one for admin users was set to "prompt for approval".  I changed that one to "prompt for credentials" and now when I right-click and Run as Administrator it prompts me for domain credentials.  Give that a shot.
0
 
LVL 5

Assisted Solution

by:balmasri
balmasri earned 200 total points
ID: 20365048
I couldn't override this problem except making a batch file contains runas command:
runas /u:domain\user mmc.exe
then I add the snap-in
0
 
LVL 5

Expert Comment

by:balmasri
ID: 20418095
Did you find a way?
0
 

Author Comment

by:Bluespring
ID: 20422496
The best answers I have are both of your suggestions. However, I still am not able to make it behave the way I was accustomed to in XP. If I make it prompt for credentials, it does so on all elevations, even for local operations(like opening something in the control panel). Typing out my username and password every time I do anything that trips UAC gets tedious quick. The run as command seems to work best for now, but I miss the ability to selectively prompt for credentials when elevating other programs as well(like IE or Explorer) to troubleshoot  domain user problems without having to make a custom command line shortcut for every app.

I suppose I'll just go back to remotely logging in to a Windows 2003 management box as Vista really has done a great job of screwing things up for admins with this UAC. This is really something they should have fixed in SP1. Thank you for your suggestions though.
0
 
LVL 6

Expert Comment

by:ashutosh_kumar
ID: 21060277
0

Join & Write a Comment

Resolve DNS query failed errors for Exchange
Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now