

Windows Tip #5: RunAs

This page provides a few tips that Windows administrators should find useful. We provide these tips and tools as is, with no warranties expressed or implied; use them at your own risk. WARNING: these scripts can be reversed easily, and caution should be used when using them. Again, we take no responsibility for any harm or good these scripts might do.

You may want to consider using a scheduled task instead. These programs are all offered by Microsoft and will do the job for most. (You must have administrator rights to add a scheduled task!)

  • AT: Schedule tasks to be run on the computer as the Local System account (other accounts can be used too).
  • Schtasks.exe: Schedule tasks to be run as a specific local or domain user account.
  • Scheduled Tasks wizard, located in the Control Panel: run tasks as local or domain user accounts.

Be sure to read about the Security risks of these scripts!!


RunAs VBS / VBE Scripts

RunAs allows you to run a process or executable in the context of another user. This user can be part of a higher, lower or even equally privileged access group. Typically RunAs is used to grant a higher privilege to a process or program. For instance: you have users that are part of the "Power Users" group on their PCs, and you need to install a program for them. As a Power User this particular program cannot be fully installed and requires Administrator privileges. Windows 2000 first introduced the RunAs program, where you would hold Shift and right-click the shortcut or setup program, and then select "RunAs...". You'd get a pop-up window that allowed you to enter the administrator, or equivalent, account along with the proper password, and the program would proceed to run in the higher privileged mode until it completed or was stopped. With XP you no longer have to hold Shift down to access the RunAs selection; you simply right-click.

RunAs can also be used from the command line, and that's what these scripts do. Typically when you use RunAs from the command line, you cannot automatically enter a password, and this is a very good thing, as the password would be exposed in plain text if you could specify it in this way. Our scripts were pulled off the web from various places and modified to suit the needs we commonly address. These scripts use the "SendKeys" function in VBScript to automatically enter the password. It's true that the password is in plain text when the vbs file is created, but in the process outlined below you'll learn how to encode the vbs file to a vbe file. While encoding is not as strong as encrypting, it's typically enough to keep prying eyes from being able to determine the username and password being used.


RunAs.VBS Code

This example uses the Local admin account to open Microsoft Word

Option explicit
Dim oShell
set oShell= Wscript.CreateObject("WScript.Shell")
'Replace the path with the program you wish to run c:\program files...
oShell.Run "RunAs /noprofile /user:administrator ""C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE"""
WScript.Sleep 100
'Replace the string --> yourpassword~ with the
'password used on your system. Include the tilde "~"
oShell.Sendkeys "yourpassword~"
Wscript.Quit

***NOTE: If your password contains any special characters, like the tilde, enclose them in curly braces {} ***


A drag and drop RunAs program

Simply drag and drop an icon or program onto the vbs or the vbe version of this script (below)!

Option explicit
dim wshShell
set wshShell=CreateObject("Wscript.Shell")
wshShell.run("RunAs /noprofile /user:%computername%\administrator " & Chr(34) & "cmd /c\" & Chr(34) & WScript.Arguments(0) & "\" & Chr(34) & Chr(34))
WScript.Sleep 100
wshShell.AppActivate "RunAs"
'Replace the string --> yourpassword~ below with
'the password used on your system. Include tilde "~"
wshShell.Sendkeys "yourpassword~"
Wscript.Quit

Download these sample scripts (and a few more) right here.


Encode the VBS file to a VBE file

The last step is to encode the scripts using Microsoft's Script Encoder.

Download the script encoder here: MS Script Encoder Download Page

Once installed, go to a command prompt and type:

screnc.exe /l vbscript MSword.vbs MSword.vbe

MSword.vbs is the name of the plain-text script; MSword.vbe is the output file name, that is, the encoded version.

That's really all there is to it!


Security Risks of using these scripts!!!

Use these scripts with caution!!

The recommended encoding for these scripts can be reversed quite easily. While the encoding used is not as insecure as, say, ROT-13, it is still a very simple substitution encoding method. RunAs in its native modes is much more secure than our scripts, as the password is never written down in plain text and must be input interactively. The encoded vbs file (a vbe file) can be run in Windows 2000, XP, Windows ME, and 2003 with no need to install additional software. Reading/decoding VBE files is built in, but encoding to vbe is not.

Even Microsoft thinks so! Another useful idea/tool is Drop-My-Rights

You may want to consider using a scheduled task instead. These programs are all offered by Microsoft and will do the job for most.

  • AT: Schedule tasks to be run on the computer as the Local System account (other accounts can be used too).
  • Schtasks.exe: Schedule tasks to be run as a specific local or domain user account.
  • Scheduled Tasks wizard, located in the Control Panel.
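
An added example, not part of the original page: an audit helper that finds scripts of the kind shown above (a RunAs call followed by a SendKeys string literal) and Script Encoder output, so they can be replaced with a scheduled task. The function names and the sample script are constructed for illustration, ANSI-encoded files are assumed, and the typed string is never printed.

```python
import re
import sys
from pathlib import Path

VBE_HEADER = "#@~^"  # marker at the start of a Script Encoder (.vbe) file
RUNAS_RE = re.compile(r'\brunas(?:\.exe)?\s.*?/user:', re.I)
SENDKEYS_RE = re.compile(r'\.sendkeys\s*\(?\s*"(?:[^"]|"")*"', re.I)

def audit_script(text):
    """Return [(line_no, finding)] for one script; never echoes the typed string."""
    if text.lstrip().startswith(VBE_HEADER):
        return [(1, "encoded-script")]  # reversible encoding: treat as plain text
    findings, runas_seen = [], False
    for no, line in enumerate(text.splitlines(), 1):
        code = line.strip()
        if not code or code.startswith("'"):  # blank line or VBScript comment
            continue
        if RUNAS_RE.search(code):
            runas_seen = True
            findings.append((no, "runas-with-user"))
        if runas_seen and SENDKEYS_RE.search(code):
            findings.append((no, "sendkeys-literal-after-runas"))
    return findings

def scan_tree(root):
    """Audit every .vbs/.vbe file under root; return {path: findings}."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in (".vbs", ".vbe"):
            # Assumption: scripts are ANSI text; UTF-16 files need decoding first.
            hits = audit_script(path.read_text(encoding="latin-1"))
            if hits:
                report[str(path)] = hits
    return report

# Constructed sample, modelled on the first script above.
SAMPLE_VBS = r'''Option explicit
Dim oShell
set oShell= Wscript.CreateObject("WScript.Shell")
oShell.Run "RunAs /noprofile /user:administrator ""C:\Program Files\app.exe"""
WScript.Sleep 100
'oShell.Sendkeys "old-value~"
oShell.Sendkeys "yourpassword~"
Wscript.Quit
'''

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for name, hits in scan_tree(sys.argv[1]).items():
            print(name, hits)
    else:
        print(audit_script(SAMPLE_VBS))
```

Run it with a directory argument to audit a script share; any account named in a flagged script should be treated as having an exposed password.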