runas
This article needs additional citations for verification. (April 2008) |
In computing, runas
is a command in the Microsoft Windows line of operating systems that allows a user to run specific tools and programs under a different username to the one that was used to logon to a computer interactively. It is similar to the Unix commands sudo
and su
, but the Unix commands generally require prior configuration by the system administrator to work for a particular user and/or command.
Microsoft Windows
The runas
command was introduced with the Windows 2000 operating system. Any application can use this API to create a process with alternate credentials, for example, Windows Explorer in Windows 7 allows an application to be started under a different account if the shift key is held while right-clicking its icon. The program has the ability to cache verified credentials so that the user only ever has to enter them once.
Syntax
runas [{/profile | /noprofile}] [/env] [/netonly] [/smartcard] [/showtrustlevels] [/trustlevel:<TrustLevel>] [/savecred] /user:<UserAccountName> program
Explanation of the parameters
This section is paraphrased from the runas /?
command.
/noprofile
: Speeds up the loading of the application by skipping the loading of the user's profile. Note that this might not speed up every application./profile
: Do not skip loading the user's profile. This is the default setting./env
: Use the actual environment, not the user's./netonly
: Specifies that the given credentials are to be used for Remote access only./savecred
: Credentials saved by the previous user. This setting is not available on Windows 7 Home or Windows 7 Starter Edition. This setting is left out from Windows XP Home Edition as well./smartcard
: Specifies that the credentials will be supplied from a smartcard./user
: Format is eitherUSER@DOMAIN
orDOMAIN\USER
./showtrustlevels
: Shows help (list of usable trust level parameters) for the /trustlevel switch./trustlevel
: One of the trust levels listed by the /showtrustlevels switch.program
: Command line for the executable file. See examples below.
Note: Only type in the user's password, when the system asks for it.
Note: The /profile
switch is not compatible with the /netonly
switch.
Note: The /savecred
and the /smartcard
switches may not be used together.
Examples
runas /noprofile /user:machine\administrator cmd
runas /profile /env /user:domain\admin "mmc %windir%\system32\dsa.msc"
runas /user:user@domain.example.org "notepad C:\filename.txt"
runas /user:administrator /savecred "shutdown /i"
Inferno
The command is also included in the Inferno operating system.
Syntax
runas
writes the user
to /dev/user
and invokes cmd
with the given arguments.
runas user cmd [arg...]
Note: The command is only invoked if setting of the user name succeeds.
See also
- Comparison of privilege authorization features
- Principle of least privilege
- User Account Control, which disables the Administrator SID for the desktop, allowing it to re-enabled by exception.