Running Least-Privilege: Quick’n’Dirty RunAs Batch File


This is just a quick CMD file that automates some frequently-used manual steps that I perform when running as a regular user – I have it saved as RNAS.CMD in my Documents and Settings\TristanK folder (as that’s where CMD defaults to for me).


@echo off
if “%1” == “” goto Default

runas /user:MyMachine\LocalAdmin %*
goto End

:Default
runas /user:MyMachine\LocalAdmin “CMD.exe /K \”CD /D \”%USERPROFILE%\””

:End


The first line (after the @echo off that removes the unsightly plumbing from display) checks to see if I’ve passed in any command-line parameters, and if I have, runs them as a preference, but still supplies the username. No need to keep re-typing that name…


It’s set up so that if I’ve just typed RNAS on its own, I just want a command prompt – so it plonks me into the folder I want to be in.


The messy escaping stuff at the end of the Default line is to bring up a CMD window as Administrator, but still pointing at my User Profile folder, which it does.


The next tip is that if you’ve tried running things from the command line in a RunAs session, sometimes things don’t work as they do for the “real” user session, so I have another batch file in the folder, called IE.CMD, which does this:


START IEXPLORE.EXE %*


This opens an instance of IE as my administrator self, which can easily be repurposed into a more traditional Explorer window, or taken to the Control Panel by typing “Control Panel” into the Address Bar.


One other that I use – CM.CMD:


START COMPMGMT.MSC


Which opens the Computer Management MMC.


It’s all about the reduced typing!

Comments (2)

  1. Anonymous says:

    IE Security

  2. Anonymous says:

    So you want to try this "non admin" thingy I keep harping about but you have this application that updates…