Runas.exe vs right-click run as administrator



  • I have discovered an oddity.

    If I right-click a shortcut to a program on my desktop and choose Run as Administrator, I enter my credentials and everything is fine.

    But if I open a normal command prompt and type

     runas.exe /profile /env /user:<computername>\user "c:\program files (x86)\someprogram\program.exe"
    

    it fails to run.

    FYI it fails to run (i.e. crashes) when trying to run as a non local admin.

    Does anyone know why/how these are different?



  • I found this article
    https://www.citrix.com/blogs/2013/10/15/the-almost-forgotten-hardening-runas-run-as-different-user/

    It mentions that in Windows Server 2008 R2 MS changed things. Before 2008 R2, everything used the runas.exe to do its thing. But starting in 2008 R2 the command line ran from runas.exe, and the right click option ran from

     HKEY_CLASSES_ROOT\exefile\shell\runasuser
     HKEY_CLASSES_ROOT\batfile\shell\runasuser
     HKEY_CLASSES_ROOT\cmdfile\shell\runasuser
     HKEY_CLASSES_ROOT\mscfile\shell\runasuser
     HKEY_CLASSES_ROOT\Msi.Package\shell\runasuser

  • RUNAS was around long before UAC. Run as administrator came about with UAC.

    RUNAS can be used for any user. For example, with buyouts during transition periods we use domain trusts and have them do Run as on some apps they need to make them work in the proper domain account.



  • I have an application at one client that absolutely requires admin rights.

    My co-worker and I came up with this process.

    Pre-requisite: An account with local admin rights. At this client we have an AD account created that only has local admin rights.

    1. Create a .bat file with the following to launch the application.

     @echo off
     cd \
     cd Program Files (x86)
     cd Juniper
     start Juniper.exe

    2. Create a shortcut on the desktop pointed to that .bat file. But change the target as follows:

     C:\Windows\System32\runas.exe /user:domain\localadmin /savecreds "C:\Juniper\Juniper.bat"

    3. Launch the shortcut once and enter the local admin password to add the credentials to Windows locally.

    Now the user can click the shortcut and their program launches.

    Can this be abused? Yes. But it is the best thing I could come up with that still left the technician without local admin rights out in the field with no internet service.
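
An audit sketch for the setup in the post above, added here as an example and not code from any poster in this thread: it reports desktop and profile shortcuts that call runas.exe with a saved-credential switch, and which account each one names. The function names and the default search root are assumptions; the pattern accepts both `/savecred` and the `/savecreds` spelling used in the post.

```powershell
# Added example, not from the thread. Run it as an administrator so all profiles are readable.
# Test-RunasSavedCred and Find-RunasSavedCredShortcut are hypothetical helper names.

function Test-RunasSavedCred {
    param([string]$TargetPath, [string]$Arguments)
    # True when the shortcut target is runas(.exe) and its arguments ask for saved credentials.
    $isRunas = [System.IO.Path]::GetFileName($TargetPath) -match '^runas(\.exe)?$'
    return ($isRunas -and ($Arguments -match '(^|\s)/savecreds?\b'))
}

function Find-RunasSavedCredShortcut {
    # Assumption: user profiles live under <SystemDrive>\Users; pass -Root to change it.
    param([string[]]$Root = @("$env:SystemDrive\Users"))
    $shell = New-Object -ComObject WScript.Shell
    Get-ChildItem -Path $Root -Filter *.lnk -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            # CreateShortcut on an existing .lnk opens it, exposing TargetPath and Arguments.
            $lnk = $shell.CreateShortcut($_.FullName)
            if (Test-RunasSavedCred -TargetPath $lnk.TargetPath -Arguments $lnk.Arguments) {
                # Extract the /user: value so the report names the account behind the shortcut.
                $user = if ($lnk.Arguments -match '/user:("[^"]+"|\S+)') { $Matches[1].Trim('"') } else { '' }
                [pscustomobject]@{
                    Shortcut  = $_.FullName
                    RunAsUser = $user
                    Arguments = $lnk.Arguments
                }
            }
        }
}

Find-RunasSavedCredShortcut | Format-List

# Credentials stored for the user running this command; saved runas logons are kept here.
cmdkey /list
```

`cmdkey /list` only shows the store of the account it runs under, so run that line in the session of the user who launched the shortcut.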



  • I've tried that runas.exe line using an actual local admin account.

    Using runas.exe it fails, but right-clicking on the normal shortcut, choosing Run As admin, and typing in the same username and password used with Runas.exe worked fine.



  • OK I'm still dealing with this.

    All articles I'm reading today tell me that I can't use RUNAS to run a process/program at an elevated level - it maxes out at the level of the user who's running the RUNAS command.

    For example, I run the command
    U:>runas /showtrustlevels /user:domain.local\local-admin

    And get Output:
    The following trust levels are available on your system:
    0x20000 (Basic User)

    This tells me that the best I can do is run a command as another user but only at Basic User level.

    So since @JaredBusch has this working, I'm wondering what your output of
    U:>runas /showtrustlevels /user:domain.local\local-admin

    is?



  • I just found this tool
    http://www.robotronic.de/runasspcEn.html

    It does work as advertised - it will launch a file that is set via compatibility mode with Admin rights. The UAC prompt still kicks, but that's tolerable.

