NOTE: CPAU defaults to network logon, just like runas /netonly, so it won't verify the password until you connect.

When you type cpau /?, you receive:

                              CPAU V01.06.00cpp Joe Richards (joe@joeware.net) May 2004                              Usage:                               CPAU -u user \[-p password\] -ex "WhatToRun" \[switches\]                                 user       User to log on as. Ex: user or domain\user                                 password   User's password                                 WhatToRun  What to execute                                Switches: (designated by - or /)                                 -profile   Do local logon with profile instead of net logon                                 -k         Prefix command with cmd /k to leave window open                                 -pipepwd   Special method allows you to pipe password in                                 -enc       Encrypt a job file for later user                                 -dec       Use an ecrypted job file                                 -file      Specify job file to execute or create                                 -wait      Wait for process completion before returning.                                 -cwd x     Start at working directory x.                                 -crc file\[,file,file\]   This option allows you to encode                                            CRC info for files in the job file. When decoded                                            the CRC have to match or the program bombs. Note that                                            it will not chase paths looking for the file, you must                                            specify the exact path.                                Ex1:                                  cpau -u joehome\joe -p logon -ex "perl cleanup.pl"                                    Runs perl script cleanup.pl as joehomejoe                                Ex2:                                  cpau -u joehome\joe -p logon -ex "perl cleanup.pl" -enc -file cleanup.job                                    Creates job file called cleanup.job to run perl script cleanup.pl as joehomejoe                                Ex3:                                  cpau -dec -file cleanup.job                                    Execute job file cleanup.job                                Ex4:                                  cpau -u joehome\joe -p logon -ex "perl cleanup.pl" -wait                                    Runs perl script cleanup.pl as joehomejoe and waits for process to end                                Ex5:                                  cpau -u joe -p logon -ex notepad.exe                                    Runs notepad as user joe                                Ex6:                                  cpau -u joehome\joe -p logon -ex logonscript.cmd -profile                                    Runs logon script in current directory as user joe (see note below)                                Ex7:                                  cpau -u joehome\joe -p logon -ex logonscript.cmd -profile -cwd c:\temp                                    Runs logon script in/from c:\temp as user joe (see note below)                                Ex8:                                  cpau -u joe -p logon -ex logonscript.cmd -enc -file logon.job -crc logonscript.cmd                                    Encodes logon.job file and CRC protects the batch file                              Note:                                I had to add some protection to this. It seems people were running this with                                a networked drive for the current working directory. Microsoft prevents cross-                                security context access of network drives on purpose, this causes CPAU                                to not be able to fire the process up. To correct for that, if CPAU realizes                                your current working directory is a network drive it will change the CWD to the                                default local path (usually c:\windows\system32). To override this functionality                                you must specify the CWD option, note that if you set it to a network                                drive you most likely will not function properly. Also note that this is                                not a bug in CPAU, this is purposeful functionality from MS. You can see this                                out of anything that changes your local security context.                                Also note that if you are using this for a logon script or something else where                                you need the permissions to take affect locally, you need to specify the                                -profile switch. By default the process spawned has the current user's security                                context locally and the new security context remotely. Also keep in mind                                the note above concerning network drives, logon scripts run from network                                drives, you will need to set the CWD to a local machine (c:\temp maybe) and                                copy whatever files are necessary locally and then run cpau.                               This software is Freeware. Use it as you wish at your own risk.                               If you have improvement ideas, bugs, or just wish to say Hi, I                               receive email 24x7 and read it in a semi-regular timeframe.                               You can usually find me at joe@joeware.net