Running Least-Privilege: Quick'n'Dirty RunAs Batch File
This is just a quick CMD file that automates some frequently-used manual steps that I perform when running as a regular user - I have it saved as RNAS.CMD in my Documents and Settings\TristanK folder (as that's where CMD defaults to for me).
@echo off
if "%1" == "" goto Default
runas /user:MyMachine\LocalAdmin %*
goto End
:Default
runas /user:MyMachine\LocalAdmin "CMD.exe /K \"CD /D \"%USERPROFILE%\""
:End
The first line (after the @echo off that removes the unsightly plumbing from display) checks to see if I've passed in any command-line parameters, and if I have, runs them as a preference, but still supplies the username. No need to keep re-typing that name...
It's set up so that if I've just typed RNAS on its own, I just want a command prompt - so it plonks me into the folder I want to be in.
The messy escaping stuff at the end of the Default line is to bring up a CMD window as Administrator, but still pointing at my User Profile folder, which it does.
The next tip is that if you've tried running things from the command line in a RunAs session, sometimes things don't work as they do for the “real” user session, so I have another batch file in the folder, called IE.CMD, which does this:
START IEXPLORE.EXE %*
This opens an instance of IE as my administrator self, which can easily be repurposed into a more traditional Explorer window, or taken to the Control Panel by typing “Control Panel” into the Address Bar.
One other that I use - CM.CMD:
START COMPMGMT.MSC
Which opens the Computer Management MMC.
It's all about the reduced typing!