The primary method for elevating privileges as needed in a corporate environment is to use RunAs. RunAs relies on a secondary logon service. It has a dialog box as well as a command line console available at runas.exe. In Windows, when one program starts the second program, the child program, inherits environment, security context, security tokens, etc. so that something started from the admin command shell will also run as admin.
You can use the RunAs Dialog, the graphical user interface for common console administrative tools (.msc) and regular programs. You can also choose to run any program with RunAs. Just right click and look for the RunAs option. Sometimes the RunAs option does not pup up. Hold shift and right click to get the RunAs option. For instance Control Panel applets (.cpl) and "Special Microsoft Windows Installer Links" -- a variety of shortcuts that invoke the installer, like Adobe Acrobat -- require holding shift and right click.
You can reach RunAs through the Administrative Tools menu
Enter the credentials in the lower part of the dialog and the program will open.
Another way you can use RunAs is to take a shortcut and modify its properties so that every time you click on it RunAs becomes the default. For instance if you drag an administrative tool to your desktop, right click on it, choose properties, then advanced properties then check run with different credentials, then every time you invoke that shortcut it will immediately bring up the RunAs dialog.
Elevating privileges for administrators
Step 1: RunAs Dialog
Step 2: RunAs command line
Step 3: Differentiating security levels
Step 4: MakeMeAdmin
Step 5: Caveats
Step 6: Resources
|ABOUT THE AUTHOR:|
| Aaron Margosis is a Senior Consultant with Microsoft Consulting Services, focusing on US Federal government customers. He specializes in application development on Microsoft platforms and products with an emphasis on application and platform security. Aaron has blogged extensively about how to run Windows as a non-admin, and created the popular MakeMeAdmin and PrivBar utilities. Aaron holds Bachelors and Masters Degrees from the University of Virginia, and calls Arlington, VA, home.
Copyright 2005 TechTarget
Dig Deeper on Endpoint security management tools