Runas

Last updated • 2 min readFrom Wikipedia, The Free Encyclopedia
runas
Developer(s) Microsoft
Initial releaseFebruary 17, 2000;24 years ago (2000-02-17)
Operating system Microsoft Windows
Type Command
License Proprietary commercial software
Website docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc771525(v=ws.11)

In computing, runas (a compound word, from “run as”) is a command in the Microsoft Windows line of operating systems that allows a user to run specific tools and programs under a different username to the one that was used to logon to a computer interactively. [1] It is similar to the Unix commands sudo and su , but the Unix commands generally require prior configuration by the system administrator to work for a particular user and/or command.

Contents

Microsoft Windows

The runas command was introduced with the Windows 2000 operating system. [2] Any application can use this API to create a process with alternate credentials, for example, Windows Explorer in Windows 7 allows an application to be started under a different account if the shift key is held while right clicking its icon. The program has the ability to cache verified credentials so that the user only ever has to enter them once.

Syntax

The command-syntax is: [3] 

runas [{/profile | /noprofile}] [/env] [/netonly] [/smartcard] [/showtrustlevels] [/trustlevel:<TrustLevel>] [/savecred] /user:<UserAccountName> program

Parameters

This section is paraphrased from the runas /? command.

  • /noprofile: Speeds up the loading of the application by skipping the loading of the user's profile. Note that this might not speed up every application.
  • /profile: Do not skip loading the user's profile. This is the default setting.
  • /env: Use the actual environment, not the user's.
  • /netonly: Specifies that the given credentials are to be used for Remote access only.
  • /savecred: Credentials saved by the previous user. This setting is not available on Windows 7 Home or Windows 7 Starter Edition. This setting is left out from Windows XP Home Edition as well.
  • /smartcard: Specifies that the credentials will be supplied from a smartcard.
  • /user: Format is either USER@DOMAIN or DOMAIN\USER.
  • /showtrustlevels: Shows help (list of usable trust level parameters) for the /trustlevel switch.
  • /trustlevel: One of the trust levels listed by the /showtrustlevels switch.
  • program: Command line for the executable file. See examples below.

Note: Only type in the user's password, when the system asks for it.

Note: The /profile switch is not compatible with the /netonly switch.

Note: The /savecred and the /smartcard switches may not be used together.

Examples

runas /noprofile /user:machine\administrator cmd runas /profile /env /user:domain\admin "mmc %windir%\system32\dsa.msc" runas /user:user@domain.example.org "notepad C:\filename.txt" runas /user:administrator /savecred "shutdown /i"

Inferno

The command is also included in the Inferno operating system. [4]

Syntax

runas writes the user to /dev/user and invokes cmd with the given arguments.

runas user cmd [arg...]

Note: The command is only invoked if setting of the username succeeds.

See also

Related Research Articles

cd (command) Computer command in various operating systems

The cd command, also known as chdir, is a command-line shell command used to change the current working directory in various operating systems. It can be used in shell scripts and batch files.

pwd Directory information command on various operating systems

In Unix-like and some other operating systems, the pwd command writes the full pathname of the current working directory to the standard output.

SOCKS is an Internet protocol that exchanges network packets between a client and server through a proxy server. SOCKS5 optionally provides authentication so only authorized users may access a server. Practically, a SOCKS server proxies TCP connections to an arbitrary IP address, and provides a means for UDP packets to be forwarded. A SOCKS server accepts incoming client connection on TCP port 1080, as defined in RFC 1928.

In computing, the superuser is a special user account used for system administration. Depending on the operating system (OS), the actual name of this account might be root, administrator, admin or supervisor. In some cases, the actual name of the account is not the determining factor; on Unix-like systems, for example, the user with a user identifier (UID) of zero is the superuser, regardless of the name of that account; and in systems which implement a role-based security model, any user with the role of superuser can carry out all actions of the superuser account. The principle of least privilege recommends that most users and applications run under an ordinary account to perform their work, as a superuser account is capable of making unrestricted, potentially adverse, system-wide changes.

An environment variable is a user-definable value that can affect the way running processes will behave on a computer. Environment variables are part of the environment in which a process runs. For example, a running process can query the value of the TEMP environment variable to discover a suitable location to store temporary files, or the HOME or USERPROFILE variable to find the directory structure owned by the user running the process.

sudo Command on Unix systems to temporarily assume root privileges

sudo is a program for Unix-like computer operating systems that enables users to run programs with the security privileges of another user, by default the superuser. It originally stood for "superuser do", as that was all it did, and it is its most common usage; however, the official Sudo project page lists it as "su 'do'". The current Linux manual pages for su define it as "substitute user", making the correct meaning of sudo "substitute user, do", because sudo can run a command as other users as well.

<span class="mw-page-title-main">Windows Registry</span> Database for Microsoft Windows

The Windows Registry is a hierarchical database that stores low-level settings for the Microsoft Windows operating system and for applications that opt to use the registry. The kernel, device drivers, services, Security Accounts Manager, and user interfaces can all use the registry. The registry also allows access to counters for profiling system performance.

cmd.exe Command prompt t Tprogram

Command Prompt, also known as cmd.exe or cmd, is the default command-line interpreter for the OS/2, eComStation, ArcaOS, Microsoft Windows, and ReactOS operating systems. On Windows CE .NET 4.2, Windows CE 5.0 and Windows Embedded CE 6.0 it is referred to as the Command Processor Shell. Its implementations differ between operating systems, but the behavior and basic set of commands are consistent. cmd.exe is the counterpart of COMMAND.COM in DOS and Windows 9x systems, and analogous to the Unix shells used on Unix-like systems. The initial version of cmd.exe for Windows NT was developed by Therese Stowell. Windows CE 2.11 was the first embedded Windows release to support a console and a Windows CE version of cmd.exe. The ReactOS implementation of cmd.exe is derived from FreeCOM, the FreeDOS command line interpreter.

In computing, privilege is defined as the delegation of authority to perform security-relevant functions on a computer system. A privilege allows a user to perform an action with security consequences. Examples of various privileges include the ability to create a new user, install software, or change kernel functions.

<span class="mw-page-title-main">User Account Control</span> Security software

User Account Control (UAC) is a mandatory access control enforcement feature introduced with Microsoft's Windows Vista and Windows Server 2008 operating systems, with a more relaxed version also present in Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows 11. It aims to improve the security of Microsoft Windows by limiting application software to standard user privileges until an administrator authorises an increase or elevation. In this way, only applications trusted by the user may receive administrative privileges and malware are kept from compromising the operating system. In other words, a user account may have administrator privileges assigned to it, but applications that the user runs do not inherit those privileges unless they are approved beforehand or the user explicitly authorises it.

There are a number of security and safety features new to Windows Vista, most of which are not available in any prior Microsoft Windows operating system release.

The NTFS file system defines various ways to redirect files and folders, e.g., to make a file point to another file or its contents without making a copy of it. The object being pointed to is called the target. Such file is called a hard or symbolic link depending on a way it's stored on the filesystem.

A number of computer operating systems employ security features to help prevent malicious software from gaining sufficient privileges to compromise the computer system. Operating systems lacking such features, such as DOS, Windows implementations prior to Windows NT, CP/M-80, and all Mac operating systems prior to Mac OS X, had only one category of user who was allowed to do anything. With separate execution contexts it is possible for multiple users to store private files, for multiple users to use a computer at the same time, to protect the system against malicious users, and to protect the system against malicious programs. The first multi-user secure system was Multics, which began development in the 1960s; it wasn't until UNIX, BSD, Linux, and NT in the late 80s and early 90s that multi-tasking security contexts were brought to x86 consumer machines.

Windows Vista contains a range of new technologies and features that are intended to help network administrators and power users better manage their systems. Notable changes include a complete replacement of both the Windows Setup and the Windows startup processes, completely rewritten deployment mechanisms, new diagnostic and health monitoring tools such as random access memory diagnostic program, support for per-application Remote Desktop sessions, a completely new Task Scheduler, and a range of new Group Policy settings covering many of the features new to Windows Vista. Subsystem for UNIX Applications, which provides a POSIX-compatible environment is also introduced.

A batch file is a script file in DOS, OS/2 and Microsoft Windows. It consists of a series of commands to be executed by the command-line interpreter, stored in a plain text file. A batch file may contain any command the interpreter accepts interactively and use constructs that enable conditional branching and looping within the batch file, such as IF, FOR, and GOTO labels. The term "batch" is from batch processing, meaning "non-interactive execution", though a batch file might not process a batch of multiple data.

<span class="mw-page-title-main">User (computing)</span> Person who uses a computer or network service

A user is a person who utilizes a computer or network service. A user often has a user account and is identified to the system by a username . Some software products provide services to other systems and have no direct end users.

In computing, pushd and popd are a pair of commands which allow users to quickly switch between the current and previous directory when using the command line. When called, they use a directory stack to sequentially save and retrieve directories visited by the user.

start (command) Shell command

In computing, start is a command of the IBM OS/2, Microsoft Windows and ReactOS command-line interpreter cmd.exe to start programs or batch files or to open files or directories using the default program. start is not available as a standalone program. The underlying Win32 API is ShellExecute.

<span class="mw-page-title-main">Command-line interface</span> Computer interface that uses text

A command-line interface (CLI) is a means of interacting with a computer program by inputting lines of text called command-lines. Command-line interfaces emerged in the mid-1960s, on computer terminals, as an interactive and more user-friendly alternative to the non-interactive interface available with punched cards.

<span class="mw-page-title-main">ProcDump</span> Command-line application

ProcDump is a command-line application used for monitoring an application for CPU spikes and creating crash dumps during a spike. The crash dumps can then be used by an administrator or software developer to determine the cause of the spike. ProcDump supports monitoring of hung windows and unhandled exceptions. It can also create dumps based on the values of system performance counters.

References

  1. "Runas". learn.microsoft.com. 2009-09-11. Retrieved 2024-07-04.
  2. "MS-DOS and Windows command line runas command". computerhope.com. Retrieved 2024-07-04.
  3. "Runas - Run under a different user account - Windows CMD - SS64.com". ss64.com. Retrieved 2024-07-04.
  4. "Inferno's RUNAS(1 )".

Further reading

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.