|
 |  |  |  |  |  |  |
| Welcome to Windows Vista Forums. Our forum is dedicated to helping you find solutions with any problems, errors or issues you are experiencing with Windows Vista. The Vista forum also covers news and updates and has an extensive Windows Vista tutorial section that covers a wide range of tips and tricks. |
| |||||||
 |
| |
01-15-2007
| #1 (permalink) |
| | Run as instead of Run as Adminstrator Hello, Local admins only get the option to "Run as Admin" when using right-click, which uses the account with admin rights they are logged in with. How can we enable them to choose an alternative domain account with priviledges for like running Exchange or AD admin tools on administrative workstations? Thx! Cheers |
My System Specs |
|
01-15-2007
| #2 (permalink) |
| | Re: Run as instead of Run as Adminstrator Use runas executable from the command prompt. -- Joe Richards Microsoft MVP Windows Server Directory Services Author of O'Reilly Active Directory Third Edition www.joeware.net ---O'Reilly Active Directory Third Edition now available--- http://www.joeware.net/win/ad3e.htm workinghard@news.postalias wrote: > Hello, > > Local admins only get the option to "Run as Admin" when using right-click, > which uses the account with admin rights they are logged in with. How can we > enable them to choose an alternative domain account with priviledges for > like running Exchange or AD admin tools on administrative workstations? > > Thx! > > Cheers > > |
| My System Specs |
|
01-15-2007
| #3 (permalink) |
| | Re: Run as instead of Run as Adminstrator Yes, sure that works, making custom shortcuts etc ... but is there any way to add it to the contect menu using the registry a lot of folks would appreciate that. Cheers "Joe Richards [MVP]" <humorexpress@hotmail.com> wrote in message news:OTwr3OMOHHA.780@TK2MSFTNGP03.phx.gbl... > Use runas executable from the command prompt. > > -- > Joe Richards Microsoft MVP Windows Server Directory Services > Author of O'Reilly Active Directory Third Edition > www.joeware.net > > > ---O'Reilly Active Directory Third Edition now available--- > > http://www.joeware.net/win/ad3e.htm > > > workinghard@news.postalias wrote: >> Hello, >> >> Local admins only get the option to "Run as Admin" when using >> right-click, which uses the account with admin rights they are logged in >> with. How can we enable them to choose an alternative domain account with >> priviledges for like running Exchange or AD admin tools on administrative >> workstations? >> >> Thx! >> >> Cheers |
| My System Specs |
|
01-15-2007
| #4 (permalink) |
| | Re: Run as instead of Run as Adminstrator Not that I am aware of. -- Joe Richards Microsoft MVP Windows Server Directory Services Author of O'Reilly Active Directory Third Edition www.joeware.net ---O'Reilly Active Directory Third Edition now available--- http://www.joeware.net/win/ad3e.htm workinghard@news.postalias wrote: > Yes, sure that works, making custom shortcuts etc ... but is there any way > to add it to the contect menu using the registry a lot of folks would > appreciate that. > > Cheers > > > "Joe Richards [MVP]" <humorexpress@hotmail.com> wrote in message > news:OTwr3OMOHHA.780@TK2MSFTNGP03.phx.gbl... >> Use runas executable from the command prompt. >> >> -- >> Joe Richards Microsoft MVP Windows Server Directory Services >> Author of O'Reilly Active Directory Third Edition >> www.joeware.net >> >> >> ---O'Reilly Active Directory Third Edition now available--- >> >> http://www.joeware.net/win/ad3e.htm >> >> >> workinghard@news.postalias wrote: >>> Hello, >>> >>> Local admins only get the option to "Run as Admin" when using >>> right-click, which uses the account with admin rights they are logged in >>> with. How can we enable them to choose an alternative domain account with >>> priviledges for like running Exchange or AD admin tools on administrative >>> workstations? >>> >>> Thx! >>> >>> Cheers > > |
| My System Specs |
|
01-15-2007
| #5 (permalink) |
| | Re: Run as instead of Run as Adminstrator Actually, there is, sort of. I wrote a couple of shell add-ons for the old command prompt here to get an elevated command prompt. The same process can be used here. If you export this to a reg file and import it, you will get a Run As this app on the context menu for executables Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\exefile\shell\cRunas] @="Run As this app" [HKEY_CLASSES_ROOT\exefile\shell\cRunas\command] @="runas.exe /user:ant\\jesperAD \"%1\"" If you want the old command prompt here, you import this file: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\Directory\shell\CmdHere] @="Command Prompt Here" [HKEY_CLASSES_ROOT\Directory\shell\CmdHere\command] @="cmd.exe /k cd \"%1\"" Both of these will be running with the normal token for that user. In other words, if you runas an admin in admin approval mode, you get a low admin token. To get an elevated token you would need an app that can elevate arbitrary processes on the command line. I wrote one of those for the Windows Vista Security book, but it is not quite ready for prime time yet. "Joe Richards [MVP]" wrote: > Not that I am aware of. > > -- > Joe Richards Microsoft MVP Windows Server Directory Services > Author of O'Reilly Active Directory Third Edition > www.joeware.net > > > ---O'Reilly Active Directory Third Edition now available--- > > http://www.joeware.net/win/ad3e.htm > > > workinghard@news.postalias wrote: > > Yes, sure that works, making custom shortcuts etc ... but is there any way > > to add it to the contect menu using the registry a lot of folks would > > appreciate that. > > > > Cheers > > > > > > "Joe Richards [MVP]" <humorexpress@hotmail.com> wrote in message > > news:OTwr3OMOHHA.780@TK2MSFTNGP03.phx.gbl... > >> Use runas executable from the command prompt. > >> > >> -- > >> Joe Richards Microsoft MVP Windows Server Directory Services > >> Author of O'Reilly Active Directory Third Edition > >> www.joeware.net > >> > >> > >> ---O'Reilly Active Directory Third Edition now available--- > >> > >> http://www.joeware.net/win/ad3e.htm > >> > >> > >> workinghard@news.postalias wrote: > >>> Hello, > >>> > >>> Local admins only get the option to "Run as Admin" when using > >>> right-click, which uses the account with admin rights they are logged in > >>> with. How can we enable them to choose an alternative domain account with > >>> priviledges for like running Exchange or AD admin tools on administrative > >>> workstations? > >>> > >>> Thx! > >>> > >>> Cheers > > > > > |
| My System Specs |
|
01-15-2007
| #6 (permalink) |
| | Re: Run as instead of Run as Adminstrator Shoulda mentioned that you need to hard-code the username in there, and remove the one I put in which is a dummy test account. "Jesper" wrote: > Actually, there is, sort of. I wrote a couple of shell add-ons for the old > command prompt here to get an elevated command prompt. The same process can > be used here. If you export this to a reg file and import it, you will get a > Run As this app on the context menu for executables > Windows Registry Editor Version 5.00 > > [HKEY_CLASSES_ROOT\exefile\shell\cRunas] > @="Run As this app" > > [HKEY_CLASSES_ROOT\exefile\shell\cRunas\command] > @="runas.exe /user:ant\\jesperAD \"%1\"" > > If you want the old command prompt here, you import this file: > Windows Registry Editor Version 5.00 > > [HKEY_CLASSES_ROOT\Directory\shell\CmdHere] > @="Command Prompt Here" > > [HKEY_CLASSES_ROOT\Directory\shell\CmdHere\command] > @="cmd.exe /k cd \"%1\"" > > Both of these will be running with the normal token for that user. In other > words, if you runas an admin in admin approval mode, you get a low admin > token. To get an elevated token you would need an app that can elevate > arbitrary processes on the command line. I wrote one of those for the Windows > Vista Security book, but it is not quite ready for prime time yet. > > "Joe Richards [MVP]" wrote: > > > Not that I am aware of. > > > > -- > > Joe Richards Microsoft MVP Windows Server Directory Services > > Author of O'Reilly Active Directory Third Edition > > www.joeware.net > > > > > > ---O'Reilly Active Directory Third Edition now available--- > > > > http://www.joeware.net/win/ad3e.htm > > > > > > workinghard@news.postalias wrote: > > > Yes, sure that works, making custom shortcuts etc ... but is there any way > > > to add it to the contect menu using the registry a lot of folks would > > > appreciate that. > > > > > > Cheers > > > > > > > > > "Joe Richards [MVP]" <humorexpress@hotmail.com> wrote in message > > > news:OTwr3OMOHHA.780@TK2MSFTNGP03.phx.gbl... > > >> Use runas executable from the command prompt. > > >> > > >> -- > > >> Joe Richards Microsoft MVP Windows Server Directory Services > > >> Author of O'Reilly Active Directory Third Edition > > >> www.joeware.net > > >> > > >> > > >> ---O'Reilly Active Directory Third Edition now available--- > > >> > > >> http://www.joeware.net/win/ad3e.htm > > >> > > >> > > >> workinghard@news.postalias wrote: > > >>> Hello, > > >>> > > >>> Local admins only get the option to "Run as Admin" when using > > >>> right-click, which uses the account with admin rights they are logged in > > >>> with. How can we enable them to choose an alternative domain account with > > >>> priviledges for like running Exchange or AD admin tools on administrative > > >>> workstations? > > >>> > > >>> Thx! > > >>> > > >>> Cheers > > > > > > > > |
| My System Specs |
|
01-15-2007
| #7 (permalink) |
| | Re: Run as instead of Run as Adminstrator Certainly an option but I would way go for using the cmd prompt and running runas there. Likely I could start up an admin tool faster that way then someone could do it via the GUI anyway.  -- Joe Richards Microsoft MVP Windows Server Directory Services Author of O'Reilly Active Directory Third Edition www.joeware.net ---O'Reilly Active Directory Third Edition now available--- http://www.joeware.net/win/ad3e.htm Jesper wrote: > Shoulda mentioned that you need to hard-code the username in there, and > remove the one I put in which is a dummy test account. > > "Jesper" wrote: > >> Actually, there is, sort of. I wrote a couple of shell add-ons for the old >> command prompt here to get an elevated command prompt. The same process can >> be used here. If you export this to a reg file and import it, you will get a >> Run As this app on the context menu for executables >> Windows Registry Editor Version 5.00 >> >> [HKEY_CLASSES_ROOT\exefile\shell\cRunas] >> @="Run As this app" >> >> [HKEY_CLASSES_ROOT\exefile\shell\cRunas\command] >> @="runas.exe /user:ant\\jesperAD \"%1\"" >> >> If you want the old command prompt here, you import this file: >> Windows Registry Editor Version 5.00 >> >> [HKEY_CLASSES_ROOT\Directory\shell\CmdHere] >> @="Command Prompt Here" >> >> [HKEY_CLASSES_ROOT\Directory\shell\CmdHere\command] >> @="cmd.exe /k cd \"%1\"" >> >> Both of these will be running with the normal token for that user. In other >> words, if you runas an admin in admin approval mode, you get a low admin >> token. To get an elevated token you would need an app that can elevate >> arbitrary processes on the command line. I wrote one of those for the Windows >> Vista Security book, but it is not quite ready for prime time yet. >> >> "Joe Richards [MVP]" wrote: >> >>> Not that I am aware of. >>> >>> -- >>> Joe Richards Microsoft MVP Windows Server Directory Services >>> Author of O'Reilly Active Directory Third Edition >>> www.joeware.net >>> >>> >>> ---O'Reilly Active Directory Third Edition now available--- >>> >>> http://www.joeware.net/win/ad3e.htm >>> >>> >>> workinghard@news.postalias wrote: >>>> Yes, sure that works, making custom shortcuts etc ... but is there any way >>>> to add it to the contect menu using the registry a lot of folks would >>>> appreciate that. >>>> >>>> Cheers >>>> >>>> >>>> "Joe Richards [MVP]" <humorexpress@hotmail.com> wrote in message >>>> news:OTwr3OMOHHA.780@TK2MSFTNGP03.phx.gbl... >>>>> Use runas executable from the command prompt. >>>>> >>>>> -- >>>>> Joe Richards Microsoft MVP Windows Server Directory Services >>>>> Author of O'Reilly Active Directory Third Edition >>>>> www.joeware.net >>>>> >>>>> >>>>> ---O'Reilly Active Directory Third Edition now available--- >>>>> >>>>> http://www.joeware.net/win/ad3e.htm >>>>> >>>>> >>>>> workinghard@news.postalias wrote: >>>>>> Hello, >>>>>> >>>>>> Local admins only get the option to "Run as Admin" when using >>>>>> right-click, which uses the account with admin rights they are logged in >>>>>> with. How can we enable them to choose an alternative domain account with >>>>>> priviledges for like running Exchange or AD admin tools on administrative >>>>>> workstations? >>>>>> >>>>>> Thx! >>>>>> >>>>>> Cheers >>>> |
| My System Specs |
|
01-15-2007
| #8 (permalink) |
| | Re: Run as instead of Run as Adminstrator No doubt an elevated command prompt is far faster when you need to run several tasks. That's why I liked the idea of being able to right-click a folder and open an elevated command prompt there. "Joe Richards [MVP]" wrote: > Certainly an option but I would way go for using the cmd prompt and > running runas there. Likely I could start up an admin tool faster that > way then someone could do it via the GUI anyway. > > > -- > Joe Richards Microsoft MVP Windows Server Directory Services > Author of O'Reilly Active Directory Third Edition > www.joeware.net > > > ---O'Reilly Active Directory Third Edition now available--- > > http://www.joeware.net/win/ad3e.htm > > > Jesper wrote: > > Shoulda mentioned that you need to hard-code the username in there, and > > remove the one I put in which is a dummy test account. > > > > "Jesper" wrote: > > > >> Actually, there is, sort of. I wrote a couple of shell add-ons for the old > >> command prompt here to get an elevated command prompt. The same process can > >> be used here. If you export this to a reg file and import it, you will get a > >> Run As this app on the context menu for executables > >> Windows Registry Editor Version 5.00 > >> > >> [HKEY_CLASSES_ROOT\exefile\shell\cRunas] > >> @="Run As this app" > >> > >> [HKEY_CLASSES_ROOT\exefile\shell\cRunas\command] > >> @="runas.exe /user:ant\\jesperAD \"%1\"" > >> > >> If you want the old command prompt here, you import this file: > >> Windows Registry Editor Version 5.00 > >> > >> [HKEY_CLASSES_ROOT\Directory\shell\CmdHere] > >> @="Command Prompt Here" > >> > >> [HKEY_CLASSES_ROOT\Directory\shell\CmdHere\command] > >> @="cmd.exe /k cd \"%1\"" > >> > >> Both of these will be running with the normal token for that user. In other > >> words, if you runas an admin in admin approval mode, you get a low admin > >> token. To get an elevated token you would need an app that can elevate > >> arbitrary processes on the command line. I wrote one of those for the Windows > >> Vista Security book, but it is not quite ready for prime time yet. > >> > >> "Joe Richards [MVP]" wrote: > >> > >>> Not that I am aware of. > >>> > >>> -- > >>> Joe Richards Microsoft MVP Windows Server Directory Services > >>> Author of O'Reilly Active Directory Third Edition > >>> www.joeware.net > >>> > >>> > >>> ---O'Reilly Active Directory Third Edition now available--- > >>> > >>> http://www.joeware.net/win/ad3e.htm > >>> > >>> > >>> workinghard@news.postalias wrote: > >>>> Yes, sure that works, making custom shortcuts etc ... but is there any way > >>>> to add it to the contect menu using the registry a lot of folks would > >>>> appreciate that. > >>>> > >>>> Cheers > >>>> > >>>> > >>>> "Joe Richards [MVP]" <humorexpress@hotmail.com> wrote in message > >>>> news:OTwr3OMOHHA.780@TK2MSFTNGP03.phx.gbl... > >>>>> Use runas executable from the command prompt. > >>>>> > >>>>> -- > >>>>> Joe Richards Microsoft MVP Windows Server Directory Services > >>>>> Author of O'Reilly Active Directory Third Edition > >>>>> www.joeware.net > >>>>> > >>>>> > >>>>> ---O'Reilly Active Directory Third Edition now available--- > >>>>> > >>>>> http://www.joeware.net/win/ad3e.htm > >>>>> > >>>>> > >>>>> workinghard@news.postalias wrote: > >>>>>> Hello, > >>>>>> > >>>>>> Local admins only get the option to "Run as Admin" when using > >>>>>> right-click, which uses the account with admin rights they are logged in > >>>>>> with. How can we enable them to choose an alternative domain account with > >>>>>> priviledges for like running Exchange or AD admin tools on administrative > >>>>>> workstations? > >>>>>> > >>>>>> Thx! > >>>>>> > >>>>>> Cheers > >>>> > |
| My System Specs |
|
02-14-2007
| #9 (permalink) |
| | Re: Run as instead of Run as Adminstrator Hi Joe, If I try this logged in as a user who is a member of the Administrators group, the RunAs command does NOT allow elevation. For example if I log in as MACHINE\LocalAdmin (with UAC enabled) then start a command prompt as "Administrator", then try to RUNAS gpmc and enter my domain admin credentials, it's gives an error saying it can't elevate... Joe Richards [MVP] wrote: > Certainly an option but I would way go for using the cmd prompt and > running runas there. Likely I could start up an admin tool faster that > way then someone could do it via the GUI anyway. > > > -- > Joe Richards Microsoft MVP Windows Server Directory Services > Author of O'Reilly Active Directory Third Edition > www.joeware.net > > > ---O'Reilly Active Directory Third Edition now available--- > > http://www.joeware.net/win/ad3e.htm > > > Jesper wrote: >> Shoulda mentioned that you need to hard-code the username in there, >> and remove the one I put in which is a dummy test account. >> "Jesper" wrote: >> >>> Actually, there is, sort of. I wrote a couple of shell add-ons for >>> the old command prompt here to get an elevated command prompt. The >>> same process can be used here. If you export this to a reg file and >>> import it, you will get a Run As this app on the context menu for >>> executables >>> Windows Registry Editor Version 5.00 >>> >>> [HKEY_CLASSES_ROOT\exefile\shell\cRunas] >>> @="Run As this app" >>> >>> [HKEY_CLASSES_ROOT\exefile\shell\cRunas\command] >>> @="runas.exe /user:ant\\jesperAD \"%1\"" >>> >>> If you want the old command prompt here, you import this file: >>> Windows Registry Editor Version 5.00 >>> >>> [HKEY_CLASSES_ROOT\Directory\shell\CmdHere] >>> @="Command Prompt Here" >>> >>> [HKEY_CLASSES_ROOT\Directory\shell\CmdHere\command] >>> @="cmd.exe /k cd \"%1\"" >>> >>> Both of these will be running with the normal token for that user. In >>> other words, if you runas an admin in admin approval mode, you get a >>> low admin token. To get an elevated token you would need an app that >>> can elevate arbitrary processes on the command line. I wrote one of >>> those for the Windows Vista Security book, but it is not quite ready >>> for prime time yet. >>> "Joe Richards [MVP]" wrote: >>> >>>> Not that I am aware of. >>>> >>>> -- >>>> Joe Richards Microsoft MVP Windows Server Directory Services >>>> Author of O'Reilly Active Directory Third Edition >>>> www.joeware.net >>>> >>>> >>>> ---O'Reilly Active Directory Third Edition now available--- >>>> >>>> http://www.joeware.net/win/ad3e.htm >>>> >>>> >>>> workinghard@news.postalias wrote: >>>>> Yes, sure that works, making custom shortcuts etc ... but is there >>>>> any way to add it to the contect menu using the registry a lot of >>>>> folks would appreciate that. >>>>> >>>>> Cheers >>>>> >>>>> >>>>> "Joe Richards [MVP]" <humorexpress@hotmail.com> wrote in message >>>>> news:OTwr3OMOHHA.780@TK2MSFTNGP03.phx.gbl... >>>>>> Use runas executable from the command prompt. >>>>>> >>>>>> -- >>>>>> Joe Richards Microsoft MVP Windows Server Directory Services >>>>>> Author of O'Reilly Active Directory Third Edition >>>>>> www.joeware.net >>>>>> >>>>>> >>>>>> ---O'Reilly Active Directory Third Edition now available--- >>>>>> >>>>>> http://www.joeware.net/win/ad3e.htm >>>>>> >>>>>> >>>>>> workinghard@news.postalias wrote: >>>>>>> Hello, >>>>>>> >>>>>>> Local admins only get the option to "Run as Admin" when using >>>>>>> right-click, which uses the account with admin rights they are >>>>>>> logged in with. How can we enable them to choose an alternative >>>>>>> domain account with priviledges for like running Exchange or AD >>>>>>> admin tools on administrative workstations? >>>>>>> >>>>>>> Thx! >>>>>>> >>>>>>> Cheers >>>>> -- Gerry Hickman (London UK) |
| My System Specs |
|
02-14-2007
| #10 (permalink) |
| | Re: Run as instead of Run as Adminstrator same issue here. Can,t elevate with the RUN AS ADMIN command. What gives ? Dan Sudbury, Canada |
| My System Specs |
|
| Thread Tools | |
| |
Similar Threads | ||||
| Thread | Forum | |||
| Flashplayer and 'run as adminstrator' | Vista General | |||
| Adminstrator rights question | Vista General | |||
| Run As Adminstrator - why hasn't it saved us? | Vista security | |||
| Adminstrator problem | Vista General | |||
| Adminstrator | Vista account administration | |||
