runas
In computing, runas
(a compound word, from “run as”) is a command in the Microsoft Windows line of operating systems that allows a user to run specific tools and programs under a different username to the one that was used to logon to a computer interactively.[1] It is similar to the Unix commands sudo
and su
, but the Unix commands generally require prior configuration by the system administrator to work for a particular user and/or command.
Microsoft Windows
The runas
command was introduced with the Windows 2000 operating system.[2] Any application can use this API to create a process with alternate credentials, for example, Windows Explorer in Windows 7 allows an application to be started under a different account if the shift key is held while right clicking its icon. The program has the ability to cache verified credentials so that the user only ever has to enter them once.
Syntax
runas [{/profile | /noprofile}] [/env] [/netonly] [/smartcard] [/showtrustlevels] [/trustlevel:<TrustLevel>] [/savecred] /user:<UserAccountName> program
Parameters
This section is paraphrased from the runas /?
command.
/noprofile
: Speeds up the loading of the application by skipping the loading of the user's profile. Note that this might not speed up every application./profile
: Do not skip loading the user's profile. This is the default setting./env
: Use the actual environment, not the user's./netonly
: Specifies that the given credentials are to be used for Remote access only./savecred
: Credentials saved by the previous user. This setting is not available on Windows 7 Home or Windows 7 Starter Edition. This setting is left out from Windows XP Home Edition as well./smartcard
: Specifies that the credentials will be supplied from a smartcard./user
: Format is eitherUSER@DOMAIN
orDOMAIN\USER
./showtrustlevels
: Shows help (list of usable trust level parameters) for the /trustlevel switch./trustlevel
: One of the trust levels listed by the /showtrustlevels switch.program
: Command line for the executable file. See examples below.
Note: Only type in the user's password, when the system asks for it.
Note: The /profile
switch is not compatible with the /netonly
switch.
Note: The /savecred
and the /smartcard
switches may not be used together.
Examples
runas /noprofile /user:machine\administrator cmd
runas /profile /env /user:domain\admin "mmc %windir%\system32\dsa.msc"
runas /user:user@domain.example.org "notepad C:\filename.txt"
runas /user:administrator /savecred "shutdown /i"
Inferno
The command is also included in the Inferno operating system.[4]
Syntax
runas
writes the user
to /dev/user
and invokes cmd
with the given arguments.
runas user cmd [arg...]
Note: The command is only invoked if setting of the username succeeds.
See also
- Comparison of privilege authorization features
- Principle of least privilege
- User Account Control, which disables the Administrator SID for the desktop, allowing it to re-enabled by exception.
References
Further reading
- Frisch, Æleen (2001). Windows 2000 Commands Pocket Reference. O'Reilly. ISBN 978-0-596-00148-3.
- Stanek, William R. (2008). Windows Command-Line Administrator's Pocket Consultant, 2nd Edition. Microsoft Press. ISBN 978-0735622623.
External links
- Sysinternals ShellRunas
- Alternative Runas tools
- – Inferno General commands Manual