RUNAS

Execute a program under a different user account.

Syntax
      RUNAS [ [/noprofile | /profile] [/env] [/savecred | /netonly] ]
         /user:UserName program

      RUNAS [ [/noprofile | /profile] [/env] [/savecred] ]
         /smartcard [/user:UserName] program

      RUNAS /trustlevel:TrustLevel program

Key
   /noprofile       Do not load the user's profile.
                    This causes the application to load more quickly, but
                    can cause some applications to malfunction.

   /profile         Load the user's profile. (default)

   /env             Use the current environment instead of user's.

   /netonly         Use the credentials for remote access only.

   /savecred        Use credentials previously saved by the user.
                    This option is not available on Windows 7 Home or
                    Starter Editions and will be ignored.

   /smartcard       Load the credentials from a smartcard.

   /user            UserName in the form USER@DOMAIN or DOMAIN\USER

   /showtrustlevels Display the trust levels that can be used.

   /trustlevel      Level should be one of levels enumerated
                    in /showtrustlevels.

   program          The command line .EXE to run.

Enter the password when prompted.
/profile is not compatible with /netonly.
/savecred is not compatible with /smartcard.

When you start a program with RunAs /netonly, the program will execute on your local computer as the user you are currently logged on as, but any connections to other computers on the network will be made using the user account specified.

Without /netonly everything will run under the user account specified.

RUNAS used backslash \ as an escape character (not the standard ^ used by other CMD commands).
RunAs Reqires the "Secondary Logon" service to be running.

The error level %ERRORLEVEL% returned by RunAs: success=0, failure=1

RunAs from Windows Explorer

Select an executable file, Shift-Right-click and select Run As..
This option can be hidden by setting
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HideRunAsVerb=1

Run with Elevated permissions

In Windows Vista and above, you can run a script with elevated permissions by right clicking and choosing "Run As Administrator" it is also possible to invoke the UAC dialogue by calling the VBScript .ShellExecute function.

When a script is run with elevated permissions several aspects of the user environment may change: The current directory, the current TEMP folder and any mapped drives will be disconnected.

Examples

Run notepad.exe as the user Jdoe on domain SS64dom with no profile:

C:\> Runas /noprofile /user:SS64Dom\jDoe "notepad.exe"

Run CMD.exe as the Administrator on the local machine Dellpc64:

C:\> Runas /profile /user:DELLPC64\administrator CMD

Run Notepad.exe as 'Natasha' on domain SS64dom using the current environment, and open a file, escape the quote characters around the filename with \ :

C:\> Runas /profile /env /user:SS64Dom\natasha "notepad \"C:\work\demo file.txt\""

Run Active Directory Users and Computers (dsa.msc) as the user Jdoe on domain SS64dom

C:\> Runas /env /user:SS64Dom\jDoe "mmc %windir%\system32\dsa.msc"

“He who reigns within himself, and rules passions, desires, and fears, is more than a king” ~ Milton

Related:

ShellRunAs - Run a command under a different user account
Aaron Margosis - Running with least privilege
joeware.net - CPAU (Create Process As User) like RunAs but with an options to encrypt the password.
PsExec - Execute process remotely
Powershell: you can run an entire powershell session via RunAs to elevate your permissions.
Equivalent bash command (Linux): SU - Switch User


© Copyright SS64.com 1999-2014
Some rights reserved