Elevated command prompt as another user

Question

I'm running Windows 7 (Enterprise, x64 if it makes any difference)

My account has admin privileges on this PC, but is a regular user on the domain.

I have another user account that is a member of Domain Admins. Generally, I can run admin tools as that user, and the fact that they are sometimes not elevated locally doesn't matter - they have full privileges on the domain, and that's what usually counts.

But occasionally, I need to do things like copy a file I've downloaded into a folder on a server that I need admin privileges to access. My admin account, when non-elevated, doesn't have access to my own account's private data on the PC.

I can launch a command prompt elevated under my own account, or I can launch a command prompt non-elevated under my admin account. But, short of using switch user, I can't come up with a way to launch a command prompt elevated as another user.

Anyone got any brilliant ideas?

score 7 · Accepted Answer · answered Apr 29 '11 at 22:08

PSEXEC.EXE FTW on this one

link to psexec page on sysinternals site

The -h will allow you to use Elevation if available From Psexec /?

-h If the target system is Vista or higher, has the process run with the account's elevated token, if available.

what you do is open a Elevated command prompt as you're logged in use (that has local admin rights of course)

Run Psexec with this command line to open a CMD shell under this window as a different elevated user

psexec  -h /user domain\username cmd

This should drop you to a new Prompt in the same window and you should have admin rights if both you and the other account have admin rights on that local system

If you take the -h off it will open up a new windows with user rights.

Runas doesn’t see to work for this. when I check for the Turst levels all I get with UAC on is

runas /showtrustlevels
The following trust levels are available on your system:
0x20000 (Basic User)

this no mater how I run it.

the Shell extension is built in to windows 7. You just have to hold the left shift key while you right click. Left shift exposes a lot of things sysadmins will find useful

Thanks for asking the question. I didn't know eather and I needed to do it to test a script — Christopher Thornton, Apr 29 '11 at 23:13

score 1 · Answer 2 · answered Oct 29 '10 at 13:29

1

Use ShellRunas from the sysinternals suite - link. Will give you a right click option of 'Run as different user...'.

answered Oct 29 '10 at 13:29

edusysadmin

536
2
8

score 0 · Answer 3 · answered Oct 29 '10 at 15:08

0

Not to be evasive of the actual problem you're having, but wouldn't the simplest solution, not requiring any elevation or account-switching at all, just be to give your accounts permissions on each other's user data?

answered Oct 29 '10 at 15:08

jgoldschrafe

4,395
18
18

1

Many places insist on separation of privilege between accounts, so people like me would have two accounts; one normal user, and a second Domain Admin. Theory being when I need to do adminly things I log in as that user, and leave things I can do as just-me (answer email, printing, writing documentation) to the account that's just me. This is common in Unix-land, but not so common in MS-land. – sysadmin1138 Oct 29 '10 at 15:32
@sysadmin1138 That's exactly how I work. What I probably should do is drop the admin permissions that my account has over my own PC, but that's a big project (that I'm in the middle of) and I'd like to be able to do some bits of work beforehand. – Richard Gadsden Oct 29 '10 at 19:08

score -1 · Answer 4 · answered Oct 29 '10 at 11:20

-1

RunAs should do the trick...
http://technet.microsoft.com/en-us/library/cc771525(WS.10).aspx

answered Oct 29 '10 at 11:20

Dan

1,278
18
27

1

RunAs gets me a non-elevated command prompt as the other user. Even when run from an elevated prompt as myself. – Richard Gadsden Oct 29 '10 at 11:34
Interesting... runas with a local user (Administrator) will create an elevated prompt (what I had tested with), but won't with a domain account, even if that account is a local admin. – Dan Oct 29 '10 at 11:49
@Richard Gadsden - you are getting the non elevated prompt for the other user becasue the other user does not have admin rights to the local machine. You cannot pass your elevated access between accounts. – edusysadmin Oct 29 '10 at 13:31
1

@edusysadmin the other user does have admin rights, if I log on as it directly, I can elevate. – Richard Gadsden Oct 29 '10 at 13:47
1

"runas" does not support elevation, even though it looks like it might. Which is kind of lame, since it's almost its primary function. – RomanSt Dec 17 '11 at 21:34

Elevated command prompt as another user

4 Answers4