I am using "runas" to open command prompt as a different user but that command prompt is not running as an admin. How can I make it run as an admin?
UPDATE: I am using Windows Server 2012
UPDATE: I opened cmd for another account by running
runas /user:domain\username cmd.exe
Then I tried to run some commands in this new prompt but this is not running as an elevated user (even though it has Administrator privileges).
This question is related to
command-prompt
administrator
All of these answers unfortunately miss the point.
There are 2 security context nuances here, and we need them to overlap. - "Run as administrator" - changing your execution level on your local machine - "Run as different user" - selects what user credentials you run the process under.
When UAC is enabled on a workstation, there are processes which refuse to run unless elevated - simply being a member of the local "Administrators" group isn't enough. If your requirement also dictates that you use alternate credentials to those you are signed in with, we need a method to invoke the process both as the alternate credentials AND elevated.
What I found can be used, though a bit of a hassle, is:
use the Sysinternals psexec utility as follows:
psexec \\localworkstation -h -i -u domain\otheruser exetorun.exe
The first elevation is needed to be able to push the psexec service. The -h runs the new "remote" (local) process elevated, and -i lets it interact with the desktop.
Perhaps there are easier ways than this?
I've found a way to do this with a single line:
runas /user:DOMAIN\USER2 /savecred "powershell -c start-process -FilePath \"'C:\\PATH\\TO\\YOUR\\EXECUTABLE.EXE'\" -verb runAs"
There are a few tricks going on here.
1: We are telling CMD just to run Powershell as DOMAIN\USER2
2: We are passing the "Start-Process" command to Powershell, using the verb "runAs" to elevate DOMAIN\USER2 to Administrator/Elevated privilege mode.
As a general note, the escape characters in the "FilePath" argument must be present (in other words, the "\ & \\ character combinations), and the single quotation (') must surround the EXE path - this way, CMD interprets the FilePath as a single string, then Powershell uses the single quotation to interpret the FilePath as a single argument.
Using the "RunAs" verb to elevate within Powershell: http://ss64.com/ps/syntax-elevate.html
You can use psexec.exe from Microsoft Sysinternals Suite https://docs.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite
Example:
c:\somedir\psexec.exe -u domain\user -p password cmd.exe
The easiest is to create a batch file (.bat) and run that as administrator.
Right click and 'Run as administrator'
Open notepad and paste this code:
@echo off
powershell -Command "Start-Process cmd -Verb RunAs -ArgumentList '/c %*'"
@echo on
Then, save the file as sudo.cmd. Copy this file and paste it at C:\Windows\System32 or add the path where sudo.cmd is to your PATH Environment Variable.
When you open command prompt, you can now run something like sudo start ..
If you want the terminal window to stay open when you run the command, change the code in notepad to this:
@echo off
powershell -Command "Start-Process cmd -Verb RunAs -ArgumentList '/k %*'"
@echo on
Explanation:
powershell -Command runs a powershell command.
Start-Process is a powershell command that starts a process, in this case, command prompt.
-Verb RunAs runs the command as admin.
-Argument-List runs the command with arguments.
Our arguments are '/c %*'. %* means all arguments, so if you did sudo foo bar, it would run in command prompt foo bar because the parameters are foo and bar, and %* returns foo bar.
The /c is a cmd parameter for closing the window after the command is finished, and the /k is a cmd parameter for keeping the window open.
Start -> shift + command Prompt right click will helps to use as another user or as Admin
In my case I was already logged in as a local administrator and I needed to run CMD as a domain admin so what worked for me was running the below from a powershell window:
runas /noprofile /user:DOMAIN\USER "cmd"
Runas doesn't magically run commands as an administrator, it runs them as whatever account you provide credentials for. If it's not an administrator account, runas doesn't care.
Source: Stackoverflow.com