Windows IT Pro
Connect With Us
Home > Windows Client > Using Windows 2000's Run As Command

Using Windows 2000's Run As Command

Dec. 27, 1999 Zubair Alexander | Windows IT Pro

Windows 2000 (Win2K) includes a Run As command that lets you log on as one user (e.g., a member of the Users group) and run programs as a different user (e.g., a member of the Administrators group). If you work as a network administrator, you’ll appreciate the ability to run programs in a different security context. You can log on with your ordinary user account that doesn’t have special privileges and perform administrative tasks without logging on as an administrator.

The Hazards of Running Your Computer as an Administrator
If you work as a network administrator, you know that you should avoid adding your user account to the Administrators group. And common sense dictates that you should log on as an administrator only if you need to perform tasks that require administrative authority. On a Windows 2000 Professional (Win2K Pro) machine, you can add your account to the Power Users group; members of the Power Users group can make changes to the computer, add printers, install programs, and use most of the Control Panel programs. On a Windows 2000 Server (Win2K Server) system, you can add yourself to the Account Operators or Server Operators group to perform some administrative chores. Several other groups with limited administrative authority exist that you can assign yourself to when you need to have administrative privileges.

Trojan Horses and Other Security Risks
Network and systems administrators shouldn't log on to Win2K computers as administrators to perform routine office tasks such as reading email and working on Word documents. In the Win2K documentation, Microsoft issues clear warnings about the security risks you expose yourself to when you run Win2K as an administrator. For example, you run the risk of inadvertently downloading a Trojan horse, a computer programs that can behave like familiar, benign program but can trick you into providing sensitive information. Trojan horse code can download to your computer when you connect to an unknown site on the Internet. The damage that a Trojan horse can do ranges from creating a user account with administrator privileges to deleting files from your hard drive. Fortunately, Win2K's Run As command helps you minimize the risks to your administrator account.

Run As to the Rescue
With the Run As command, you can log on to your computer with a standard user account and run administrative tools without logging on as an administrator. Let's look at an example of how you can use the command.

Imagine you're logged on with a standard user account and you want to run the Control Panel's Add/Remove Programs applet. The first step is to go to the Control Panel and highlight the Add/Remove icon. Hold down the Shift key and right-click the icon to see the context menu that Screen 1 shows. Select Run As to bring up the Run As Other User screen, where you can enter a different username, password, and domain name. If you want to run Add/Remove Programs as a local administrator, type the name of the local computer in the Domain box; if you want to run the program as the domain administrator, type the name of your domain in the Domain box.

You can use the Run As command with just about any program, including Control Panel items, as long as the user account has the ability to log on locally. You can also use the Run As command with Microsoft Management Consoles (MMCs). It's possible to use the Run As command at the command prompt so you can use it in a batch file. However, you can’t start Windows Explorer or desktop items using Run As.

Tips for Using Run As
You're not limited to using the Run As command as an administrator; you can use it with any user account as long as the Run As service is running. The Run As service allows only password authentication, so any other form of authentication, such a smart-card logon, won't work with Run As.

Finally, here's a suggestion that you might find useful: If you like the system to prompt you for alternate credentials each time you use a certain tool, you can create a shortcut for that tool and select Run as different user in the shortcut’s properties. For example, I have installed all the tools on my Win2K Pro machine I need to manage my Win2K domain. I can log on with my regular user account and run Active Directory Users and Computers as my domain administrator account. To create the shortcut that will work in this situation, you must create a new MMC (if you use the built-in Active Directory Users and Computers MMC, the option you need to use will appear grayed out):

  1. Start a new MMC and add the Active Directory Users and Computers snap-in. For more information see Getting the Most out of the Microsoft Management Console.
  2. Save the console, and create a shortcut for it on the desktop.
  3. Right-click the shortcut icon, and select Properties.
  4. Check the box Run as different user, as Screen 2 shows.

    Now when you launch this shortcut, the system will ask you whether you want to run the tool as a different user, and you can run it as an administrator without logging on as an administrator.

Discuss this Article 32

simian (not verified)
on Apr 22, 2004
Wanna use a batch tool like "Run As" but with a password in the command line then this very useful freeware tool is for you: http://www.sysinternals.com/ntw2k/freeware/psexec.shtml
Marek Cwiok (not verified)
on Oct 31, 2001
What is command line syntax to run "run as" command ? Could you provide examples of use in batch file ?
Dug Stokes (not verified)
on Dec 11, 2001
its: runas [some settings here] But i've not tried it yet!
Tommy (not verified)
on Nov 18, 2003
this is a very helpful way to explain the tool in microsoft server 2000 thank you
Anonymous User (not verified)
on Nov 19, 2004
runas service = secondary logon, don't know if this will impact other remote abilities: BEWARE
Anonymous User (not verified)
on Nov 19, 2004
To disable the runas commands go to services and change the runas service from automatic to manual and make sure user doesn't have ability to alter this setting (only admin).
Scott (not verified)
on May 12, 2004
Does anyone know how to use "Run As" as a command line from the "Run" menu or CMD prompt?
Vishal (not verified)
on Mar 31, 2005
Hi there, Is it posible to get Admin rights by editing registry (using regedit)? As I am a local user on Windows 2000 and don't have Admin rights, but I can edit registry. So to install a software hoe can I get privileges? Do reply, Regards, Vishal Patwa
Impu (not verified)
on Mar 2, 2004
"possible to use the Run As command at the command prompt so you can use it in a batch file" => how do you do it?
Anonymous User (not verified)
on Oct 22, 2004
by typing "runas" the following message is returned: RUNAS USAGE: RUNAS [/profile] [/env] [/netonly] /user: program /profile if the user's profile needs to be loaded /env to use current environment instead of user's. /netonly use if the credentials specified are for remote access only. /user should be in form USER@DOMAIN or DOMAIN\USER program command line for EXE. See below for examples Examples: > runas /profile /user:mymachine\administrator cmd > runas /profile /env /user:mydomain\admin "mmc %windir%\system32\dsa.msc" > runas /env /user:user@domain.microsoft.com "notepad \"my file.txt\"" NOTE: Enter user's password only when prompted. NOTE: USER@DOMAIN is not compatible with /netonly.
Anonymous User (not verified)
on Oct 28, 2004
how do you disable "run as" commands
marilla (not verified)
on Oct 24, 2003
This is very interesting. But, I'm an IT administrator, and the users usually only have power user rights. When windows patches has to be installed or some specific tools have to be run on the local machine, they need administrator rights. So in order to avoid installing it on any machine personally, I would need to perform a runas specifying the password directly in the syntax, in order to perform the command without being prompted by the password. Something similar to the syntax of the "net use" command. If someone has an utility or a workaround it would make me happy.
Greg (not verified)
on Jun 8, 2004
I'm having a problem, every time i try to use a program it goes to the "run as" screen. I want to know how to turn it off
tri (not verified)
on Nov 21, 2003
I want to reinstall win2k server, so I want to backup information of users (Username, Password, description...) I don't know what command to use. help me Pls, Thank you
alientrader (not verified)
on Apr 15, 2004
"possible to use the Run As command at the command prompt so you can use it in a batch file" => How do you do it?
Joel (not verified)
on Jul 3, 2002
see this page for command-line examples: http://www.labmice.net/Windows2000/Administration/runas.htm
MVL
on Oct 18, 2004
apparzently run as does not allow you to specifyv the password in a scripted manner (no command option for that...) For scripting purposes, one would be wise to use cpau.exe. Find it at http://www.joeware.net/win/free/tools/cpau.htm

Please or Register to post comments.

Related Articles
IT/Dev Connections

Las Vegas
September 30th - October 4th

Paul ThurottYou'll have the opportunity to experience:
• The Microsoft
Technology Roadmap
• Office 365 Implementation
• Hyper-V Optimizing
• Windows 8 Deployment
and much more!

Come See Paul Thurrott & Rod Trent in Person!

Early Registration Now Open

Upcoming Training

Mastering System Center 2012

During over 6 hours of training you can join John Savill from your computer as he will walk you through the key components and capabilities of System Center 2012, what’s involved in using the components, and the benefit they can bring to your environment.

Register Now

Current Issue

May 2013 - The NameTranslate object is useful when you need to translate Active Directory object names between different formats, but it's awkward to use from PowerShell. Here's a PowerShell script that eliminates the awkwardness.

CURRENT ISSUE / ARCHIVE / SUBSCRIBE

Windows Forums

Get answers to questions, share tips, and engage with the Windows Community in our Forums.

Featured Products
Windows 8 Tips
Windows 8 Tips

You’ve been told that Microsoft has somehow compromised the beloved desktop environment and ruined it with Metro...

VIP - Premium Membership
For the IT Professional that needs access to training, premium content, discounts, and more, joining our VIP group just...
Testing with Visual Studio 2012

June 25th
Presented by: Brian Minisi

EARLY BIRD DISCOUNT -...

View CatalogView Shopping Cart

WindowsITPro.com
Related Sites
Copyright © 2013 Penton Media, Inc