Allows a user to run specific tools and programs with different permissions than the user's current logon provides.
Runas is a command-line tool that is built into Windows Vista. To use runas at the command line, open a command prompt, type runas with the appropriate parameters, and then press ENTER.
In the user interface for Windows Vista, the Run as… command has been changed to Run as administrator. However, you should rarely have to use the Run as administrator command because Windows Vista will automatically prompt you for an administrator password when it is needed.
For examples of how this command can be used, see Examples.
Syntax
runas [{/profile | /noprofile}] [/env] [{/netonly | /savecred}] [/smartcard] [/showtrustlevels] [/trustlevel] /user:<UserAccountName> "<ProgramName> <PathToProgramFile>"
Parameters
Parameter | Description |
---|---|
/profile |
Loads the user's profile. This is the default. This parameter cannot be used with the /netonly parameter. |
/no profile |
Specifies that the user's profile is not to be loaded. This allows the application to load more quickly, but it can also cause a malfunction in some applications. |
/env |
Specifies that the current network environment be used instead of the user's local environment. |
/netonly |
Indicates that the user information specified is for remote access only. This parameter cannot be used with the /profile parameter. |
/savecred |
Indicates if the credentials have been previously saved by this user. This parameter is not available and will be ignored on Windows Vista Home or Windows Vista Starter Editions. This parameter cannot be used with the /smartcard parameter. |
/smartcard |
Indicates whether the credentials are to be supplied from a smartcard. This parameter cannot be used with the /savecred parameter. |
/showtrustlevels |
Displays the trust levels that can be used as arguments to /trustlevel. |
/trustlevel |
Specifies the level of authorization at which the application is to run. Use /showtrustlevels to see the trust levels available. |
/user:<UserAccountName> "<ProgramName> <PathToProgramFile>" |
Specifies the name of the user account under which to run the program, the program name, and the path to the program file. The user account name format should be <User>@<Domain> or <Domain>\<UserAccountName>. |
/? |
Displays help at the command prompt. |
Remarks
- Enter the user's password only when prompted.
- It is good practice for administrators to use an account with
restrictive permissions to perform routine, nonadministrative
tasks, and to use an account with broader permissions only when
performing specific administrative tasks. To accomplish this
without logging off and back on, log on with a regular user
account, and then use the runas command to run the tools
that require the broader permissions.
- The use of runas is not restricted to administrator
accounts, although that is the most common use. Any user with
multiple accounts can use runas to run a program, MMC
console, or Control Panel item with alternate credentials.
- If you want to use the Administrator account on your computer,
for the /user: parameter, type one of the following:
/user:<AdministratorAccountName>@<ComputerName>
/user:<ComputerName>\<AdministratorAccountName>
- If you want to use this command as a domain administrator, type
one of the following:
/user:<AdministratorAccountName>@<DomainName>
/user:<DomainName>\<AdministratorAccountName>
- With the runas command, you can run programs (*.exe),
saved MMC consoles (*.msc), shortcuts to programs and saved MMC
consoles, and Control Panel items. You can run them as an
administrator while you are logged on to your computer as a member
of another group, such as the Users or Power Users group.
- You can use the runas command to start any program, MMC
console, or Control Panel item. As long as you provide the
appropriate user account and password information, the user account
has the ability to log on to the computer, and the program, MMC
console, or Control Panel item is available on the system and to
the user account.
- With the runas command, you can administer a server in
another domain or forest (the computer from which you run a tool
and the server you administer are in different domains or
forests).
- If you try to start a program, MMC console, or Control Panel
item from a network location using runas, it might fail
because the credentials used to connect to the shared network
resource are different from the credentials used to start the
program. The latter credentials may not be able to gain access to
the same shared network resource.
- Some items, such as the Printers folder and desktop items, are
opened indirectly and cannot be started with the runas
command.
- If the runas command fails, the Secondary Logon
service might not be running or the user account you are using
might not be valid. To check the status of the Secondary
Logon service, in Computer Management, click Services and
Applications, and then click Services. To test the user
account, try logging on to the appropriate domain using the
account.
Examples
The following command starts an instance of the command prompt as an administrator on the local computer:
runas /user:<localmachinename>\administrator cmd
When prompted, type the administrator account password.
The following command starts an instance of the Computer Management snap-in using a domain administrator account called contoso\domainadmin:
runas /user:contoso\domainadmin "mmc %windir%\system32\compmgmt.msc"
When prompted, type the domain administrator account password.
The following command starts an instance of Notepad (and a file named my_file.txt) using a domain administrator account called jayj in a domain called domain.contoso.com:
runas /user:jayj@domain.contoso.com "notepad my_file.txt"
When prompted, type the domain administrator account password.
The following command starts an instance of a command prompt window, saved MMC console, Control Panel item, or program that will administer a server in another forest:
runas /netonly /user:<Domain>\<User_Name> "<Command>"
<Domain>\<User_Name> must be a user with sufficient permissions to administer the server. When prompted, type the account password.