runas

Runs a program using alternate credentials than those currently being used.

Syntax

 runas [/profile] [/env] [/netonly] /user:   credentials     program   

Options

program

Program to be run.

/profile

User's profile (may need to be loaded for some programs).

/env

Current network environment instead of user's local environment.

/netonly

For remote access.

/user:credentials

User credentials for running the program. (The syntax is user@domain or domain\user for domain accounts and user@computer or computer\user for local accounts.)

Examples

Open a command shell using the default Administrator account for the domain while logged on as an ordinary domain user:

  runas /user:administrator@mtitworld.com cmd  Enter password for administrator@mtitworld.com:  ********  Attempting to start "cmd" as user     "administrator@mtitworld.com"... 

A second command shell now opens with the following in the titlebar:

cmd (running as administrator@mtitworld.com)

Run Computer Management using the administrator account JaneD from the domain mtitworld.com :

  runas /user:janed@mtitworld.com "mmc %windir%\system32\compmgmt.msc"  

Open a command shell to administer a server in a different forest using credentials in that forest:

  runas /netonly /user:   <credentials>   cmd  

runas can also be invoked from the GUI. For example, to open the Display utility in the Control Panel using alternate credentials, select:

Start Settings Control Panel hold down Shift right-click Display Run as enter credentials

This is easier than remembering how to do it from the command line:

  runas /user:   <credentials>   "control %windir%\system32\desk.cpl"  

Notes

• It's a good idea for administrators to have two accounts: an ordinary user account for performing daily tasks , such as checking email or writing reports , and an administrator account for performing administrative tasks. The usefulness of runas is that administrators can perform tasks requiring Administrator credentials while logged on as an ordinary user, making it unnecessary to log off and then on again.

• Another term for using runas is using the secondary logon .

• runas works with programs ( *.exe ), saved MMC consoles ( *.msc ), and Control Panel items.

• runas can't be used to start items, such as Windows Explorer, the Printers folder, and desktop items. However, you can work around this by using the Processes tab of Task Manager to kill the current shell ( Explorer.exe ) and then the New Task button on the Applications tab to run the following command:

    runas /user:domain\administrator explorer.exe  

• You can create a shortcut to an item such as a saved MMC console and configure it to always run using a specific set of credentials.

• runas may not be able to run programs stored on a network share since the credentials used to start the program may be different from the credentials used to connect to the network share. This may make runas unable to gain access to the share.

• The runas service must be running in order to use the runas command.

• If you use runas at the command line without the /profile option, the default user profile is used instead of the profile of the user being impersonated. For example, if the command being invoked by runas saves a file in My Documents; it saves it in My Documents for the default user, not the user being impersonated by runas . If you use the runas option from the shortcut menu in Windows Explorer, the /profile option is specified by default.

See Also

cmd , Logon