Solved

make "run as a different user" default to MY admin account

Posted on 2014-03-24
19
5,093 Views
Last Modified: 2016-02-02
I know there are work-arounds by creating batch files with "run as" and such, but this is not what I am looking for.


I would like one of two things:

For the "Run as a different user" to have a default user that could be set

or

For a command prompt run as the different user to launch items run from that cmd prompt AS the user that started the cmd.


Any ways this is possible, or another work around that doesn'r involve having 2 of every shortcut?
0
Comment
Question by:ServerNotFound
  • 5
  • 3
  • 2
  • +7
19 Comments
 
LVL 3

Expert Comment

by:englanddg
ID: 39952127
Turn off UAC.  :P

It sortof defeats the purpose of having UAC if all you do is create ways that sidestep it.

Or, maybe I'm missing what you are asking?
0
 

Author Comment

by:ServerNotFound
ID: 39952143
Our local user accounts are not allowed to be an admin, however I need to make a lot of changes using an Admin account.

This would be an issue with or withour UAC, as the local user has not the rights needed to perform the task.  

It would still be somewhat secure, as the PW would still be required.  Slightly less secure though as the username would be there, but we have easy to guess user names anyhow.
0
 
LVL 3

Expert Comment

by:englanddg
ID: 39952155
Oh, I see.  Sorry...I really was missing something!  <grin>

Hrm...nothing off the top of my head.  Sorry...
0
 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
ID: 39952175
go into the program compatibility settings and force it to run as an administrator
0
 
LVL 3

Expert Comment

by:englanddg
ID: 39952193
@David Johnson

While that would work to run it with elevated privileges, I think what he's looking for is a way to accomplish that when logged into a machine with an account that does NOT have local admin rights.

Your solution would not cover that situation.

You are thinking as I thought at first, this was UAC at work, but that's not what he's saying at all...

He's logging into a system, say, as a Power User, and then wanting to run something as an Administrator.

Or, maybe I'm missing something (I often do, plus I'm watching the UTenn ladies play, so...they are distracting!)
0
 

Author Comment

by:ServerNotFound
ID: 39954091
englanddg you are spot on.


'UserA' account logs in locally, but had no admin rights.  'UserA's owner also has a domain admin account 'AdminA'

So I must log in locally as 'UserA' (Policy prohibits using a domain admin account as your every day access account), but a lot of what I need to do for my job requires me to run programs as 'AdminA'
0
 

Author Comment

by:ServerNotFound
ID: 39967872
Any way to make this work?
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 39977716
With Powershell you can start a shell providing secure credentials (fixed and valid for a specific machine plus (source) account only), or let ask for the password.

That said, what is the issue with calling runas, which then starts a cmd prompt for that user?
0
 
LVL 21

Expert Comment

by:dan_blagut
ID: 39977732
Hello

I don't think this is possible to be done. What you can do is to create a shortcut to your mmc using runas command
runas /user:AdDomain\UserName mmc [password]

putting password in the bat is not really secure, but can be easy ...


Dan
0
Don't lose your head updating email signatures!

Do your end users still have the wrong email signature? Do email signature updates bore you or fill you with a sense of dread? You can make this a whole lot easier on yourself by trusting an Exclaimer email signature management solution. Over 50 million users do...so should you!

 
LVL 68

Expert Comment

by:Qlemo
ID: 39977749
dan_blagut,

runas does not allow to provide the password as parameter. And there is no mentioning of "mmc" anywhere.
0
 
LVL 76

Expert Comment

by:arnold
ID: 39977784
If you have many programs to run with admin rights, that sounds as there is no point to require a non-admin login.
You can always elevate rights within a command window, and then run any program/application you want from the elevated rights window.

start command windows with using the run as administrator.
from this window you can start any program and it will run with elevated rights.

I think this will solve the need to run: instead of
start program 1 as administrator (provide login info)
start program 2 as administrator (provide login info)

start command as administrator (provide login info)
elevated command window opens: any command run here will be running with elevated rights,
               start program 1
               start program 2
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 500 total points
ID: 39977868
Would drag-n-drop suffice as a mechanism to run something as an admin? Meaning anything you want elevated, drag-n-drop it onto one shortcut, and it will be runas the admin. You can perhaps try using the "profile" of the user who you sign in as rather than the "no profile" listed in my example:
Option explicit
dim wshShell
set wshShell=CreateObject("Wscript.Shell")
wshShell.run("RunAs /noprofile /env /user:%computername%\administrator " & Chr(34) & "cmd /c\" & Chr(34) & WScript.Arguments(0) & "\" & Chr(34) & Chr(34))
WScript.Sleep 100
wshShell.AppActivate "RunAs"
'Replace the string --> yourpassword~ below with
'the password used on your system. Include tilde "~"
wshShell.Sendkeys "yourpassword~"
Wscript.Quit

Open in new window

I added the "/env" switch which should use the "current users" enviroment as opposed to the administrators. You could also switch "/noprofile" to "/profile desired_user_here" I believe you will want to put the desired user's name in there too.
Just make a new txt file on your desktop, rename it runas.vbs (something dot vbs anyway) and then drag and drop programs onto it. Windows 7 did away with VBE encoding so it's harder to obfuscate the admin password, so it's a risk you have to weigh: http://xinn.org/RunasVBS.html
-rich
-rich
0
 
LVL 23

Expert Comment

by:Brian B
ID: 39978467
Back in "the old days", I would just start up MMC, add all the snap-ins that I needed and saved it to the desktop. Then I would run that file as administrator and just leave it open all day.

Now that MS has switched to individual apps for many things (like System Centre), the above doesn't work as well any more, but in the advanced properties of the application console icons, I have checked the option to run as administrator. Saves a couple of clicks anyway.

Alternatively, if you are not allowed to use your admin account for everyday access, could you build a VM with all the management software you need on it?
0
 

Author Comment

by:ServerNotFound
ID: 39978659
Rich,

I like that solution and it works great, but I would prefer if it prompted for the PW rather than store it.

I used to be able to do this easily in XP, but haven't gotten a Windows 7 version of it working.

Set objpassword = CreateObject("ScriptPW.Password") 
WScript.StdOut.Write "Please enter your password:" 
password = objpassword.GetPassword()

Open in new window

0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 500 total points
ID: 39978693
All you have to do is make it even simpler then...
Option explicit
dim wshShell
set wshShell=CreateObject("Wscript.Shell")
wshShell.run("RunAs /noprofile /env /user:%computername%\administrator " & Chr(34) & "cmd /c\" & Chr(34) & WScript.Arguments(0) & "\" & Chr(34) & Chr(34))
WScript.Sleep 100
wshShell.AppActivate "RunAs"
Wscript.Quit

Open in new window

Naturally adjust the /env and /noprofile, but I think that will do it.
-rich
0
 

Author Comment

by:ServerNotFound
ID: 39978777
Perfect.
0
 

Expert Comment

by:BzowK
ID: 40491790
I actually have an alternate idea which would work depending on what you are trying to do.  If your goal is to find a faster way to run / start apps as a different user, then this is what I use which should be faster than right clicking at all!

As I'm sure you know, you could create a batch file to launch any app as a different user.  The bad part about that is that your credentials would be stored in plain text.  A couple of years ago, I found CPAU.  CPAU is a tiny freeware command line tool which works around this issue.  Using a command line string, CPAU creates an encrypted ".job" file which stores the command to start the app plus the credentials you wish to use.  Once created, you simply run something like "cpau exmaple.job" and the app opens using the credentials you made the job file with.

Personally, I've created a .job file for each app I open as my service account.  I also create a batch file for each which runs the job file which I've added to Windows as shortcuts with custom icons.  Long story short, when I start certain apps on my PC now, they open using my alternate credentials which are perfectly safe and encrypted.

If this helps and you need help setting up the formatting, let me know.  Almost everything follows the same string format to create .job files except MMC apps which are a bit different.

Hope it helps!
1
 
LVL 1

Expert Comment

by:SquigglyMonkey
ID: 41446486
I didn't thoroughly read all the answers, sorry about that, not much time atm.... You can create a group at the domain level, then use group policy to make that group a member of the local administrators group on the workstations. Then put your 'standard account' (Not the Domain Admin account), or create a user account explicitly for working on the systems in that group. When you log onto the systems as either that account you're an admin, or when you use their account, and 'run-as' use that account, and you are running the process as a local admin.
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Create and license users in Office 365 in bulk based on a CSV file. A step-by-step guide with PowerShell script examples.
When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup". After a while, you have entered a loop for Auto repair which does not fix anything and you will be in a  panic as all your work w…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now