Run "cmd.exe" as a given user and "as administrator" in command line

Page 2 of 2 FirstFirst 12

  1. UsernameIssues
    Posts : 10,485
    W7 Pro SP1 64bit
       New #11

    Lea Massiot said:
    ...I have to say that despite I'm not an English speaking native I think I described my problem quite clearly in my two previous posts in this very same thread....
    Your English is great. You did describe a task that I assume is a simplified version of the real task. And you are correct, there does not seem to be a native way to impersonate another user (runas) to launch an app at the high integrity level. AutoIt scripts can request an elevation to the high integrity level... but I'm not sure that this would work while impersonating another user.

    Lea Massiot said:
    ...Now, I'm really confused about:
    1) the "administrator account" you're talking about ;
    2) the "Administrators" group ;
    3) the "Run as administrator" functionality.

    Best regards.
    1) The administrator account that I mentioned is described here:
    Built-in Administrator Account - Enable or Disable

    2 & 3) If a user is a member of the "Administrators" group...
    ...they can do somethings without being asked for credentials.

    User1 is in the "Administrators" group.
    User1 starts notepad.
    Notepad runs at the medium integrity level.
    (assumes default UAC settings)

    User100 is not in the "Administrators" group.
    User100 starts notepad.
    Notepad runs at the medium integrity level.
    (assumes default UAC settings)

    User1 starts notepad using "Run as administrator".
    User1 answers yes to the UAC prompt.
    Notepad runs at the high integrity level.

    User100 starts notepad using "Run as administrator".
    User100 is prompted for the credentials of one of the user in the "Administrators" group.
    If those credentials are correctly entered, notepad runs at the high integrity level.

    User1 and user100 can do most of the same things.
      My Computer
    Quote Quote

  3. Lea Massiot
    Posts : 26
    Windows 7 Professional SP1 64bit
    Thread Starter
       New #12

    Thank you for all this useful and clear information.
    Best regards.
      My Computer
    Quote Quote

  4. jonnyhotchkiss
    Posts : 260
    Windows 7 Ultimate 64bit
       New #13

    Thank you for being so polite, and for returning to reciprocate your gratitude - excellent example of how 'manners cost nothing'...

    I wondered if you ever achieved your objective - 'run cmd as different user' with admin rights?
      My Computer
    Quote Quote

  6. Pyprohly
    Posts : 721
    Windows 10, Windows 8.1 Pro, Windows 7 Professional, OS X El Capitan
       New #14

    Sorry, but I'm absolutely certain that it's impossible (through the command prompt) to start a command prompt as another user and with elevated privileges, because there is no such command line command that allows one to start a new process as elevated using credentials other than the builtin Administrator at least, and the Runas command does not accept multiple user credentials.

    The question posed by the OP cannot be achieved via the Command Prompt. What else can we try then? Let's take a look at Windows Powershell instead...

    Powershell is the future scripting language and command line interface for Windows. It is much more robust than the Command Prompt which uses different parsing tools to process each unique command and Powershell is more flexable with a larger set of built-in commands and only one command parser for all of them. Anyone from Windows XP and later may use it.

    The following powershell command, in theory, should start a command prompt instance running as the user "User01", while at the same time run as an elevated process:
    Code:
    Start-Process cmd -Credential User01 -Verb RunAs
    ... but in practise, this raises an exception.

    It seems that the switches '-Credential' (specify a user to run as) and '-Verb' ((potentially) specify that the executable should run elevated) cannot be used together; it's as if Microsoft never wanted users to be able to start processes as other users and run the process as administrator at the same time, anyhow.

    But with a dab of tricky involved, there is a well known powershell command going around that does exactly what you need, Jonnyhotchkiss and Lea Massiot, here it is (this is a slimed down version of the same command you might find elsewhere on the internet):
    Code:
    Start-Process powershell 'Start-Process cmd -Verb RunAs' -Credential User01
    (Replacing "User01" with the user to run as (and "cmd" with the program of your choice) as needed)

    It works by calling a new instance of Powershell as a specified user (User01 in this case), then it executes another Start-Process command (aka Cmdlet) inside the new Powershell instance which invokes cmd.exe with 'Run as Administrator' privileges. So it's as if that other user had typed out that second command (Start-Process cmd -Verb RunAs) into a Powershell prompt.

    The above powershell command is one of the very few ways in Windows to start a new process as another user, while at the same time running it with administrative (elevated) permissions. All done in one go.


    I'm sorry that the solution could not involve simple commands typed at the command prompt. If it was possible I would share, but Powershell is the only way to go here.
    Last edited by Pyprohly; 14 Jan 2015 at 01:33.
      My Computer
    Quote Quote

 
Page 2 of 2 FirstFirst 12

  Related Discussions
Hello, I would like to know if there is a way to "close" an open Control Panel Applet via a command line reference?I know a couple ways to open the window - "c:\windows\system32\mmsys.cpl" OR command mmsys.cpl but I would like to also close it via command line. Any suggestions? ...
Can anyone help me with this ? i got a picture ... i cant sendto desktop as shortcut the icon is missing .. help !!:cry:
have the latest AMD driver installed on my thinkpad but I loathe loading .NET 4 just to run CCC for one reason only: to disable varibright. Anyone know what the registry key is for this? or some way to command-line turn off?
Is there a simple, silent, non-interactive way to switch from "Extend These Displays" to "Duplicate These Displays"?
Hi All, Previous PC was an XP and we had a shortcut within the Send To context menu called "Mail To" which when clicked on a file would open a new email with the file attached and with the default email (as done from within Outlook), not the crappy text "mail recipient" one that is standard in...
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 21:09.
Find Us