RUNAS - CMD

Overview

RUNAS is a command in Windows CMD that allows a user to run specific tools and programs with different permissions than the user’s current logon session. It is particularly useful for administrators who need to run applications under another user’s context or with elevated privileges without switching users or logging out. This command is vital for maintaining security and accessing restricted files or settings when needed.

Syntax

The basic syntax for RUNAS is as follows:

RUNAS [/profile] [/env] [/netonly] [/smartcard] [/noprofile] [/showtrustlevels] [/trustlevel:<Level>] /user:<UserName> program
  • /profile loads the user’s profile (default).
  • /env uses the current environment instead of the user’s.
  • /netonly indicates the program is to be run on a remote system.
  • /smartcard requires the use of a smart card.
  • /noprofile specifies that the user’s profile should not be loaded.
  • /showtrustlevels displays the trust levels that can be used with /trustlevel.
  • /trustlevel runs the program at a specific trust level.
  • /user specifies the user context the command should run under.

<UserName> should be in the format USER@DOMAIN or DOMAIN\USER.

program refers to the command or executable you want to run with elevated privileges.

Options/Flags

  • /profile: Loads the user’s profile. This ensures that the application runs with settings specific to the user.
  • /noprofile: Does not load the user’s profile, which can speed up the execution time but might not retain user-specific settings.
  • /env: Uses the current environment variables instead of the user’s.
  • /netonly: Useful for accessing resources on another domain where credentials different from the local computer are needed.
  • /smartcard: When executing commands that require Smart Card authentication.
  • /showtrustlevels: Useful to view what levels of trust can be applied to processes.
  • /trustlevel: Run the command at a specific trust level, such as “0x20000” (Standard User) or “0x40000” (Administrator).

Examples

1. Run Microsoft Management Console as an administrator:

RUNAS /user:administrator "mmc"

2. Run Notepad under a different user account within your network:

RUNAS /user:DOMAIN\UserName "notepad"

3. Open a command prompt with administrative privileges:

RUNAS /user:administrator "cmd"

Common Issues

  • Access Denied: Ensure the user has the necessary rights to run the command and access the designated program.
  • Incorrect Password: Double-check credentials as passwords must be entered correctly when prompted.
  • User Profile Issues: Using /noprofile can solve issues where the user profile fails to load or is corrupted.

Integration

RUNAS can be combined with batch scripts or other CMD commands to automate tasks under different user permissions:

RUNAS /user:admin "cmd /c del C:\test\file.txt"
RUNAS /user:admin /netonly /env "cmd /c gpupdate /force"
  • CMD: Opens the command prompt window. Useful with RUNAS to perform tasks with elevated privileges.
  • GPUPDATE: Refreshes policy settings; often run with administrative rights via RUNAS.

Explore Microsoft’s official documentation for more in-depth details and additional examples.