I posted this in the Win7 forum, but was told to post it here. While logged into Windows 7 as a standard user, if you execute CMD.EXE using RUNAS.EXE and supply a domain account with local admin privileges (runas /user:domain\jeremiahp-a C:\WINDOWS\system32\cmd.exe), you get slightly different rights than if you had right-clicked CMD.EXE, selected "Run As Administrator", and then provided the same domain account credentials. This can be proven by launching command shells using both methods, and running the command, WHOAMI /GROUPS within each instance. The CMD shell launched using RUNAS will display the following result for WHOAMI /GROUPS BUILTIN\Administrators Alias S-1-5-32-544 Group used for deny only The CMD shell launched using the right-click "Run As Administrator" method will display the following results for WHOAMI /GROUPS BUILTIN\Administrators Alias S-1-5-32-544 Mandatory group, Enabled by default, Enabled group, Group All other groups will be identical for the same user. The first implication that I've discovered, is that the CMD shell launched using RUNAS.EXE will not have rights to access or modify files in another user's local profile directory, while the CMD shell launched using the right-click method will have sufficient privileges to access and modify other users' profile directories. Is this a bug, or is this by design? If by design, why?

as far as I am aware, its by design, UAC is still in play when you do the runas command, so you don't get the elevated Token The question I guess is "how do I run as an elavated admin from a command prompt?". I know you can do that via psexec.exe, using the -h switch, which uses the elevated token, but don't know of a way to do it using native tools.

I like how the MS moderators will change the thread type from a question to a conversation, even though it's clearly a question, and then not provide any feedback.

Thank you, SJBB99. That points me in the general direction. I'll try using psexec locally to do this.

There is by design. Its hard to find the right answer to this. I recommend going to sysinternals and searching for Elevation powertoy for vista. That lets you run elevated executions. I have (almost) finished a rewritten version of their script that will allow administrators run usual Domain Admin tasks while still logged on their machine as a normal user, and not having to type in a password all the time. I use a combination of runas.exe and elevate.cmd. I will post the code up at http://ivan.dretvich.com in the next coming days. - if i find this thread in a few days i will paste in the correct link. Cheers, Ivan

Thanks, I'd be interested to see what you cook up. You may be interested in this: http://blogs.technet.com/b/elevationpowertoys/archive/2010/06/20/creating-a-self-elevating-script.aspx