Runas command-line tool
The Runas command is a great command-line tool that gives you the capability to run applications using the credentials of another user but watch out as you may be compromising security of the Windows 7 system. For instance, with the Runas command you can allow a standard user on a Windows 7 system to run applications that require administrator privileges.
The syntax of this command is best described using an example, for example, to run the program myapp.exe with some parameters /options, as user John use the following command:
runas /user:John “myapp.exe /options”
However, note that when you issue this command, you need to enter the password of John. Then, the application would run in John’s security context. The default setting loads the target user’s profile while, you can use the /profile option to make sure that the user profile is loaded. On the other hand, the /noprofile option stops the user profile from being loaded. To overcome the need of entering the target user’s password every time you run the command, you can use the /savecred option.
The /savecred option allows you to save the credentials of the target user account. You have to enter the password the first time you use the /savecred option. The saved credentials are stored within the Windows Vault and can be managed using Credential Manager. To use the runas with the /savecred option, use the command:
runas /savecred /user:John name “myapp.exe /option”
Note, that you cannot use the Runas command to execute an application that requires elevation if the target user account is configured to prompt for consent or prompt for credentials! You can use the Runas command to execute an application that requires elevation if the target user account is the built-in administrator account. Remember, that the built-in account is disabled by default but it can be enabled through Group Policy. Then you can use the /savecred option to save the local administrator account credentials so that they can be used automatically in the future. For example, you can run the Local Group Policy editor console from a standard user account as follows:
runas /user:administrator “mmc gpedit.msc”
Note, that saving the local administrator account credentials in the Windows Vault may pose a security risk so be careful when doing this.