Windows 2000 Secondary Logon (Run As)

$LabMice.net - The Windows 2000\XP\.NET Resource Index$
Home \| About Us \| Search	Last Updated December 10, 2003

Administration
Batch Files
Command Line
Env Variable
Logon & Auth
Logon Scripts
MMC
Password Mgmt
Run As
Scheduling Service
Services
Telnet
Time Synch

LabMice Tip

To start an application using the "Run As" command from with in the Explorer Graphic Shell, press "Shift" as you right click the executable or shortcut. You'll see the "Run as" option appear in the pop up menu.

	Windows 2000 Secondary Logon (Run As)
It is good practice for administrators to use an account with restrictive permissions to perform routine, non-administrative tasks, and to use an account with broader permissions only when performing specific administrative tasks. To accomplish this without logging off and back on, log on with a regular user account and use the runas command to run the tools that require the broader permissions.

Where to Start...

HOW TO: Use the Run as Command to Start a Program as an Administrator
Microsoft Knowledge Base Article: 301634 - This step-by-step article describes how to use the Run as command.

Secondary Logon (Run As): Starting Programs and Tools in Local Administrative Context
Microsoft Knowledge Base Article: 225035 - Windows 2000 secondary logon allows administrators to log on with a non-administrative account and still be able to perform administrative tasks (without logging off) by running trusted administrative programs in administrative contexts.

Step-by-Step Guide to Using Secondary Logon in Windows 2000
This technical step-by-step guide provides examples of using the secondary logon feature, the Run as service, in the Windows® 2000 operating system. Secondary logon allows administrators to avoid having to log on with an administrative account for each task. Instead, secondary logon enables administrators to log on with an ordinary user account and then start trusted administrative tools in the context of the administrator's account without logging off. A user with multiple credentials can start applications under different credentials without needing to log off.. Source: Microsoft.com (March 3, 2000)

Using Windows 2000's Run As Command
Using Windows 2000's Run As Command Windows 2000 (Win2K) includes a Run As command that lets you log on as one user (e.g., a member of the Users group) and run programs as a different user (e.g., a member of the Administrators group). Fortunately, Win2K's Run As command helps you minimize the risks to your administrator account. Run As to the Rescue With the Run As command, you can log on to your computer with a standard user account and run ...

Syntax Reference..

Excerpted from the Windows 2000 Online Documentation

To start an instance of the Windows 2000 command prompt as an administrator on the local computer, type: runas /user:localmachinename\administrator cmdWhen prompted, type the administrator password.

To start an instance of the Computer Management snap-in using a domain administrator account called companydomain\domainadmin, type: runas /user:companydomain\domainadmin "mmc %windir%\system32\compmgmt.msc"When prompted, type the account password.

To start an instance of Notepad using a domain administrator account called user in a domain called domain.microsoft.com, type: runas /user:user@domain.microsoft.com "notepad my_file.txt"When prompted, type the account password.

To start an instance of a command prompt window, saved MMC console, Control Panel item, or program that will administer a server in another forest, type: runas /netonly /user:domain\username "command" domain\username must be a user with sufficient permissions to administer the server. When prompted, type the account password.

Troubleshooting...

Cannot Use Run As with Share Folder Snap-in
Microsoft Knowledge Base Article: 279168 - When you try to remotely share a folder by using the Shared Folders snap-in, you may be unable to share a remote computer's folder, and you may receive the following error message: Share name share name to be created is invalid NOTE: This error message only occurs when you use the Run As feature of the MMC console.

Cmd.exe Shortcut Does Not Have Same "Run as" Behavior as Command Line
Microsoft Knowledge Base Article: 258948 - When you use the Run as command from a Microsoft default shortcut whose Start in value is set to "%HOMEDRIVE%%HOMEPATH%" (a common default for shortcuts created by Windows 2000), the command does not work and generates a "The directory name is invalid" error message. This can occur if the primary user's account has a home folder that is mapped from a server share, on which the secondary user (usually the local administrator) does not have privileges

RUNAS Command Does Not Work with UPN or Plain User Name
Microsoft Knowledge Base Article: 272472 - After you install Windows 2000 Service Pack 1, the the runas command may not work correctly (whether you use the command from a command prompt or in a script).

"Run As" Has Inappropriate Localization of "Administrator"
Microsoft Knowledge Base Article: 258163 - In the Multilanguage version of Windows 2000 Professional or Server, if you select a language other than English for the Menus and Dialogs setting, the Run As command (and other parts of the graphical user interface that present a secondary logon prompt) places the localized Administrator string in the User Name box rather than the system-defined (default English) name of the local administrator account. Because the account name (for example, "Administrateur") is not recognized, any password you use is not a valid password. If you change the localized administrator account to the English "Administrator" account, the password is recognized.

Runas Utility Uses Default Profile When Invoked from Command Prompt If Not Using the /profile Switch
Microsoft Knowledge Base Article: 254094 - When you use the Runas utility without the the /profile option from a command prompt, the default user profile is used instead of the profile of the impersonated user.

Windows 2000 Secondary Logon (Run As) Does Not Work from a Domain Controller
Microsoft Knowledge Base Article: 244429 - When you type a valid user name and password in the the Run As Other User dialog box on a domain controller, you may receive the following error message: Unable to logon: Logon failure: unknown user name or bad password.

This site and its contents are Copyright 1999-2003 by LabMice.net. Microsoft, NT, BackOffice, MCSE, and Windows are registered trademarks of Microsoft Corporation. Microsoft Corporation in no way endorses or is affiliated with LabMice.net. The products referenced in this site are provided by parties other than LabMice.net. LabMice.net makes no representations regarding either the products or any information about the products. Any questions, complaints, or claims regarding the products must be directed to the appropriate manufacturer or vendor.