There are some times when RunAs doesn't work.
- Some apps reuse existing instances
- Windows Explorer
- Microsoft Office Word
- Some apps get started through the shell
- Current version of WindowsUpdate!
- And Microsoft Update!
Trying to run Windows Explorer with different privileges is often a problem because Explorer only likes to run one instance on the desktop and any request will default to an existing instance. There are some ways around this:
- Use Internet Explorer, or do run as then what you do is start as admin and then type a local address. Then you'll be running as admin.
- Set the flag that lets Windows Explorer run multiple instances - not designed to support RunAs, but it does work. The trick is that the option has to be set as the target user. The admin account has to have this option set.
There are also some issues related to using the local admin account:
- No access to domain resources.
- Different profile settings
- Some apps assume that the installer is the user - This information is stored in hkey_current_user. If the app is used with a different account there may be settings missing and the app will fail to work
- Per-user Policy settings - Much of policy is hkey_current_user, which is locked down. You need to be admin in current account.
- Power Options applet is per user and per machine.
The solution to some of these problems is to run something as you but with your admin privileges. As mentioned previously, MakeMeAdmin can help with this.
Elevating privileges for administrators
Step 1: RunAs dialog
Step 2: RunAs command line
Step 3: Differentiating security levels
Step 4: MakeMeAdmin
Step 5: Caveats
Step 6: Resources
|ABOUT THE AUTHOR:|
| Aaron Margosis is a Senior Consultant with Microsoft Consulting Services, focusing on US Federal government customers. He specializes in application development on Microsoft platforms and products with an emphasis on application and platform security. Aaron has blogged extensively about how to run Windows as a non-admin, and created the popular MakeMeAdmin and PrivBar utilities. Aaron holds Bachelors and Masters Degrees from the University of Virginia, and calls Arlington, VA, home.
Copyright 2005 TechTarget
Dig Deeper on Endpoint security management tools