Run a Program as Another User with runas

Posted April 13, 2004 by Quinn McHenry in Windows security

Regardless of what operating system you use, logging in and performing normal (non-administrative) tasks with administrative privileges is a dangerous practice. Unwittingly executing a program concealing a Trojan horse as an administrator will provide administrative rights to that program, and the impact may be much greater.

Although increased security generally causes increased inconvenience, the runas command provides a convenient means of running a program with different credentials, typically as administrator, while working as a less privileged user.

The runas command is available in XP, Vista, and Windows 7.

The runas command has many options for its operation. The simplest example is running the command regedit as the user administrator on the local system (This should always be referable by the name localhost.):

runas /user:localhost\administrator regedit

You will be prompted for the password for administrator. If you provide the correct password, the regedit command will start.

The runas command also can be used in a batch file. If you frequently run the regedit command on your system, create a regedit.bat file containing the following text:

@ runas /user:localhost\administrator regedit

Then you can double click on the icon for the batch file you have created to start the regedit (after entering the appropriate password). The @ symbol prevents the commands that follow from being printed to the screen when they are run, so the only text in the window that pops up is the password prompt. Dragging the batch file into the start menu or a program group will make it even easier to use.

 

About Quinn McHenry

Quinn was one of the original co-founders of Tech-Recipes. He is currently crafting iOS applications as a senior developer at Small Planet Digital in Brooklyn, New York.
View more articles by Quinn McHenry

The Conversation

Follow the reactions below and share your own thoughts.