runas.exe and "Run As Administrator" result in different access privileges
I posted this in the Win7 forum, but was told to post it here.
While logged into Windows 7 as a standard user, if you execute CMD.EXE using RUNAS.EXE and supply a domain account with local admin privileges (runas /user:domain\jeremiahp-a C:\WINDOWS\system32\cmd.exe), you get slightly different rights than if you had right-clicked CMD.EXE, selected "Run As Administrator", and then provided the same domain account credentials.
This can be proven by launching command shells using both methods, and running the command, WHOAMI /GROUPS within each instance.
The CMD shell launched using RUNAS will display the following result for WHOAMI /GROUPS
BUILTIN\Administrators    Alias    S-1-5-32-544    Group used for deny only
The CMD shell launched using the right-click "Run As Administrator" method will display the following results for WHOAMI /GROUPS
BUILTIN\Administrators    Alias    S-1-5-32-544    Mandatory group, Enabled by default, Enabled group, Group
All other groups will be identical for the same user.
The first implication that I've discovered is that the CMD shell launched using RUNAS.EXE will not have rights to access or modify files in another user's local profile directory, while the CMD shell launched using the right-click method will have sufficient privileges to access and modify other users' profile directories.
Is this a bug, or is this by design? If by design, why?
May 6th, 2011 1:59am
As far as I am aware, it's by design. UAC is still in play when you do the runas command, so you don't get the elevated token.
The question, I guess, is "how do I run as an elevated admin from a command prompt?".
I know you can do that via psexec.exe, using the -h switch, which uses the elevated token, but don't know of a way to do it using native tools.
May 6th, 2011 3:22am
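Added example, not part of the original thread: a PowerShell check that tells the two tokens apart by reading the BUILTIN\Administrators row of `whoami /groups /fo csv`. The function name `Get-AdminGroupState` and both sample outputs are constructed for illustration, and the attribute matching assumes English-language whoami output.

```powershell
# BUILTIN\Administrators SID, as shown in the WHOAMI /GROUPS output in the thread.
$AdminSid = 'S-1-5-32-544'

# Hypothetical helper: classify the Administrators group entry of a token
# from the CSV form of `whoami /groups` (columns: Group Name, Type, SID, Attributes).
function Get-AdminGroupState {
    param([Parameter(Mandatory = $true)][string[]]$CsvLines)

    $row = $CsvLines | ConvertFrom-Csv | Where-Object { $_.SID -eq $AdminSid }

    if (-not $row) { return 'NotMember' }        # account is not a local admin at all
    if ($row.Attributes -match 'deny only') {
        return 'DenyOnly'                        # UAC-filtered token: SID only matches deny ACEs
    }
    if ($row.Attributes -match 'Enabled group') {
        return 'Enabled'                         # full token: SID grants access
    }
    return 'Unknown'
}

# Constructed sample: shell started with runas.exe (filtered token).
$runasSample = @(
    '"Group Name","Type","SID","Attributes"'
    '"Everyone","Well-known group","S-1-1-0","Mandatory group, Enabled by default, Enabled group"'
    '"BUILTIN\Administrators","Alias","S-1-5-32-544","Group used for deny only"'
)

# Constructed sample: shell started with right-click "Run As Administrator".
$elevatedSample = @(
    '"Group Name","Type","SID","Attributes"'
    '"Everyone","Well-known group","S-1-1-0","Mandatory group, Enabled by default, Enabled group"'
    '"BUILTIN\Administrators","Alias","S-1-5-32-544","Mandatory group, Enabled by default, Enabled group"'
)

foreach ($sample in @{ 'runas.exe' = $runasSample; 'Run As Administrator' = $elevatedSample }.GetEnumerator()) {
    '{0,-22} -> {1}' -f $sample.Key, (Get-AdminGroupState -CsvLines $sample.Value)
}

# Against the live token of the current shell (Windows only):
# Get-AdminGroupState -CsvLines (whoami /groups /fo csv)
```

A deny-only Administrators SID is why the runas shell cannot open another user's profile directory: the ACL there grants access to Administrators, and a deny-only SID is never matched against allow entries.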
I like how the MS moderators will change the thread type from a question to a conversation, even though it's clearly a question, and then not provide any feedback.
May 12th, 2011 12:58am
Thank you, SJBB99. That points me in the general direction. I'll try using psexec locally to do this.
May 12th, 2011 1:02am
This is by design. It's hard to find the right answer to this.
I recommend going to Sysinternals and searching for Elevation PowerToy for Vista. That lets you run elevated executions.
I have (almost) finished a rewritten version of their script that will allow administrators to run usual Domain Admin tasks while still logged on their machine as a normal user, and not having to type in a password all the time.
I use a combination of runas.exe and elevate.cmd.
I will post the code up at http://ivan.dretvich.com in the coming days. If I find this thread in a few days, I will paste in the correct link.
Cheers,
Ivan
June 16th, 2011 9:27am
Thanks, I'd be interested to see what you cook up.
You may be interested in this:
http://blogs.technet.com/b/elevationpowertoys/archive/2010/06/20/creating-a-self-elevating-script.aspx
June 16th, 2011 9:20pm