Blog du Tristank

So terrific that 3 of 4 readers rated it "soporific"

Blogs

Running Least-Privilege: Quick'n'Dirty RunAs Batch File

  • Comments 2
  • Likes

This is just a quick CMD file that automates some frequently-used manual steps that I perform when running as a regular user - I have it saved as RNAS.CMD in my Documents and Settings\TristanK folder (as that's where CMD defaults to for me).

@echo off
if "%1" == "" goto Default

runas /user:MyMachine\LocalAdmin %*
goto End

:Default
runas /user:MyMachine\LocalAdmin "CMD.exe /K \"CD /D \"%USERPROFILE%\""

:End

The first line (after the @echo off that removes the unsightly plumbing from display) checks to see if I've passed in any command-line parameters, and if I have, runs them as a preference, but still supplies the username. No need to keep re-typing that name...

It's set up so that if I've just typed RNAS on its own, I just want a command prompt - so it plonks me into the folder I want to be in.

The messy escaping stuff at the end of the Default line is to bring up a CMD window as Administrator, but still pointing at my User Profile folder, which it does.

The next tip is that if you've tried running things from the command line in a RunAs session, sometimes things don't work as they do for the “real” user session, so I have another batch file in the folder, called IE.CMD, which does this:

START IEXPLORE.EXE %*

This opens an instance of IE as my administrator self, which can easily be repurposed into a more traditional Explorer window, or taken to the Control Panel by typing “Control Panel” into the Address Bar.

One other that I use - CM.CMD:

START COMPMGMT.MSC

Which opens the Computer Management MMC.

It's all about the reduced typing!

Comments
  • IE Security

  • So you want to try this "non admin" thingy I keep harping about but you have this application that updates...