Step 1: RunAs dialog

The primary method for elevating privileges as needed in a corporate environment is to use RunAs. RunAs relies on a secondary logon service. It has a dialog box as well as a command line console available at runas.exe. In Windows, when one program starts the second program, the child program, inherits environment, security context, security tokens, etc. so that something started from the admin command shell will also run as admin.

You can use the RunAs Dialog, the graphical user interface for common console administrative tools (.msc) and regular programs. You can also choose to run any program with RunAs. Just right click and look for the RunAs option. Sometimes the RunAs option does not pup up. Hold shift and right click to get the RunAs option. For instance Control Panel applets (.cpl) and "Special Microsoft Windows Installer Links" -- a variety of shortcuts that invoke the installer, like Adobe Acrobat -- require holding shift and right click.

You can reach RunAs through the Administrative Tools menu

Enter the credentials in the lower part of the dialog and the program will open.

Another way you can use RunAs is to take a shortcut and modify its properties so that every time you click on it RunAs becomes the default. For instance if you drag an administrative tool to your desktop, right click on it, choose properties, then advanced properties then check run with different credentials, then every time you invoke that shortcut it will immediately bring up the RunAs dialog.

Elevating privileges for administrators

 Home: Introduction
 Step 1: RunAs Dialog
 Step 2: RunAs command line
 Step 3: Differentiating security levels
 Step 4: MakeMeAdmin
 Step 5: Caveats
 Step 6: Resources

Aaron Margosis is a Senior Consultant with Microsoft Consulting Services, focusing on US Federal government customers. He specializes in application development on Microsoft platforms and products with an emphasis on application and platform security. Aaron has blogged extensively about how to run Windows as a non-admin, and created the popular MakeMeAdmin and PrivBar utilities. Aaron holds Bachelors and Masters Degrees from the University of Virginia, and calls Arlington, VA, home.
Copyright 2005 TechTarget

This was first published in April 2006

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.