0

I really like Mark Russinovich's Process Explorer so I'm always running it. I would like to automate this task of manually starting this process up every time I logon.

But I want this program to run as domain administrator even though I logon as a local user. The reason being is I can manage (kill) processes/services running under domain accounts.

So how do I do that?

I suppose if I create a local service using sc create command I won't be able to interact with Process Explorer then? Will I be able to see the icon in the task tray and open it etc etc?

So is this at all possible?

What I tried

I've tried two things:

  1. Task scheduler
    I tried scheduling a task after user logs on and set it's user to domain administrator. The program does seem to run, but I don't have any interactivity (the window) so I can't use it, can I...
  2. sc create to create a service
    Similar. No interactivity. And there was some other error as well.
Robert Koritnik
  • 912
  • 5
  • 19
  • 35

2 Answers2

1

create a batch file or similar in a start-up folder with the contents:

runas /user:domain\admin C:\Path\To\ProcessExplorer.exe

Before rebooting, run

runas /savecred /user:domain\admin C:\Path\To\ProcessExplorer.exe

It will prompt you for the password only this one time; note that the admin password will be saved to your Windows profile (not usually a good idea); and this does not work for Win7 Home or Starter editions.

Chris S
  • 77,945
  • 11
  • 124
  • 216
  • Well saving password in my profile isn't wise as you pointed out. Any other idea? Check my edited question as well. – Robert Koritnik Aug 31 '10 at 17:19
  • @Robert, if you don't run the second command it will just prompt you for the password every time you login. – Chris S Aug 31 '10 at 18:50
  • But what if I'm not connected to a DC? If a service runs under domain credentials it will still auto run. But this one wouldn't because credentials wouldn't be able to be checked against AD on DC. This is my usual scenario, because I'm running my DC as a VM inside my host where I login with a local user. Strange. I know. But I'm a developer and I need a DC for a project I'm working on. – Robert Koritnik Sep 01 '10 at 00:49
  • @Robert, services do no cache credentials; so if the service is running as a domain account, and you can't connect to a DC, it will not run. Only interactive logins cache credentials. You are correct that the `runas` command would not work without access to a DC. – Chris S Sep 01 '10 at 13:29
  • Is that correct? Because I have an IIS7 application pool running under domain account. I just checked and run it. I can see w3wp running as domain account but my VM DC is off. So I guess services can run under domain accounts without being connected to DC. Oh and BTW: My SQL Engine also runs under domain account. And is also well and functioning at the moment. – Robert Koritnik Sep 02 '10 at 08:30
-1

Create a shortcut to ProcessExplorer in your startup directory, then change its properties to "Run as administrator".

zarkdav
  • 470
  • 2
  • 4