Step 1: RunAs dialog

Administrators need admin privileges, but not all the time. Learn how to work securely by only elevating your privileges as necessary.

The primary method for elevating privileges as needed in a corporate environment is to use RunAs. RunAs relies on a secondary logon service. It has a dialog box as well as a command line console available at runas.exe. In Windows, when one program starts the second program, the child program, inherits environment, security context, security tokens, etc. so that something started from the admin command shell will also run as admin.

You can use the RunAs Dialog, the graphical user interface for common console administrative tools (.msc) and regular programs. You can also choose to run any program with RunAs. Just right click and look for the RunAs option. Sometimes the RunAs option does not pup up. Hold shift and right click to get the RunAs option. For instance Control Panel applets (.cpl) and "Special Microsoft Windows Installer Links" -- a variety of shortcuts that invoke the installer, like Adobe Acrobat -- require holding shift and right click.


You can reach RunAs through the Administrative Tools menu


Enter the credentials in the lower part of the dialog and the program will open.
 

Another way you can use RunAs is to take a shortcut and modify its properties so that every time you click on it RunAs becomes the default. For instance if you drag an administrative tool to your desktop, right click on it, choose properties, then advanced properties then check run with different credentials, then every time you invoke that shortcut it will immediately bring up the RunAs dialog.


Elevating privileges for administrators

 Home: Introduction
 Step 1: RunAs Dialog
 Step 2: RunAs command line
 Step 3: Differentiating security levels
 Step 4: MakeMeAdmin
 Step 5: Caveats
 Step 6: Resources

ABOUT THE AUTHOR:
 
Aaron Margosis is a Senior Consultant with Microsoft Consulting Services, focusing on US Federal government customers. He specializes in application development on Microsoft platforms and products with an emphasis on application and platform security. Aaron has blogged extensively about how to run Windows as a non-admin, and created the popular MakeMeAdmin and PrivBar utilities. Aaron holds Bachelors and Masters Degrees from the University of Virginia, and calls Arlington, VA, home.
Copyright 2005 TechTarget
 

This was first published in April 2006

Dig deeper on Endpoint security management tools

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchVirtualDesktop

SearchWindowsServer

SearchExchange

Close