| |
 |
| |
| |
| 
|
Windows 2000 Secondary Logon
(Run As) |
| It
is good practice for administrators to use an
account with restrictive permissions to perform
routine, non-administrative tasks, and to use
an account with broader permissions only when
performing specific administrative tasks. To
accomplish this without logging off and back
on, log on with a regular user account and use
the runas command to run the tools that require
the broader permissions. |
| Where to Start... |
|
|
HOW TO: Use the Run as Command to Start
a Program as an Administrator
Microsoft Knowledge Base Article: 301634
- This step-by-step article describes how
to use the Run as
command. Secondary Logon
(Run As): Starting Programs and Tools
in Local Administrative Context
Microsoft Knowledge Base Article: 225035
- Windows 2000 secondary logon allows
administrators to log on with a non-administrative
account and still be able to perform administrative
tasks (without logging off) by running
trusted administrative programs in administrative
contexts.
Step-by-Step
Guide to Using Secondary Logon in Windows
2000
This technical step-by-step guide provides
examples of using the secondary logon
feature, the Run as service, in the Windows® 2000
operating system. Secondary logon allows
administrators to avoid having to log
on with an administrative account for
each task. Instead, secondary logon enables
administrators to log on with an ordinary
user account and then start trusted administrative
tools in the context of the administrator's
account without logging off. A user with
multiple credentials can start applications
under different credentials without needing
to log off.. Source: Microsoft.com
(March 3, 2000) |
Using Windows 2000's Run As Command
Using Windows 2000's Run As Command Windows 2000
(Win2K) includes a Run As command that lets you
log on as one user (e.g., a member of the Users
group) and run programs as a different user (e.g.,
a member of the Administrators group). Fortunately,
Win2K's Run As command helps you minimize the
risks to your administrator account. Run As to
the Rescue With the Run As command, you can log
on to your computer with a standard user account
and run ... |
| Syntax Reference.. |
| Excerpted
from the Windows 2000 Online Documentation
To start
an instance of the Windows 2000
command prompt as an administrator
on the local computer, type: runas
/user:localmachinename\administrator
cmd When prompted,
type the administrator password.
To start an instance
of the Computer Management snap-in
using a domain administrator account
called companydomain\domainadmin,
type: runas /user:companydomain\domainadmin "mmc %windir%\system32\compmgmt.msc"
When prompted, type the account
password.
To start an instance
of Notepad using a domain administrator
account called user in a domain
called domain.microsoft.com,
type: runas
/user:user@domain.microsoft.com "notepad
my_file.txt" When
prompted, type the account password.
To start an instance
of a command prompt window, saved
MMC console, Control Panel item, or
program that will administer a server
in another forest, type: runas
/netonly /user:domain\username
"command" domain\username
must be a user with sufficient permissions
to administer the server. When prompted,
type the account password.
|
|
| Troubleshooting... |
Cannot Use Run As
with Share Folder Snap-in
Microsoft Knowledge Base Article: 279168 - When
you try to remotely share a folder by using the
Shared Folders snap-in, you may be unable to share
a remote computer's folder, and you may receive
the following error message: Share
name share name to be created is invalid
NOTE: This error message only occurs when
you use the Run As feature of the MMC console.
Cmd.exe Shortcut
Does Not Have Same "Run as" Behavior as Command
Line
Microsoft Knowledge Base Article: 258948 - When
you use the Run as command from a Microsoft default
shortcut whose Start in value is set to "%HOMEDRIVE%%HOMEPATH%"
(a common default for shortcuts created by Windows
2000), the command does not work and generates
a "The directory name is invalid" error message.
This can occur if the primary user's account has
a home folder that is mapped from a server share,
on which the secondary user (usually the local
administrator) does not have privileges
RUNAS Command Does
Not Work with UPN or Plain User Name
Microsoft Knowledge Base Article: 272472 - After
you install Windows 2000 Service Pack 1, the the
runas command may not work correctly (whether
you use the command from a command prompt or in
a script).
"Run As" Has Inappropriate
Localization of "Administrator"
Microsoft Knowledge Base Article: 258163 - In
the Multilanguage version of Windows 2000 Professional
or Server, if you select a language other than
English for the Menus and Dialogs setting,
the Run As command (and other parts of
the graphical user interface that present a secondary
logon prompt) places the localized Administrator
string in the User Name box rather than
the system-defined (default English) name of the
local administrator account. Because the account
name (for example, "Administrateur") is not recognized,
any password you use is not a valid password.
If you change the localized administrator account
to the English "Administrator" account, the password
is recognized.
Runas Utility Uses
Default Profile When Invoked from Command Prompt
If Not Using the /profile Switch
Microsoft Knowledge Base Article: 254094 - When
you use the Runas utility without the the /profile
option from a command prompt, the default user
profile is used instead of the profile of the
impersonated user.
Windows 2000 Secondary
Logon (Run As) Does Not Work from a Domain Controller
Microsoft Knowledge Base Article: 244429 - When
you type a valid user name and password in the
the Run As Other User dialog box on a domain
controller, you may receive the following error
message: Unable to logon:
Logon failure: unknown user name or bad password.
|
| _files/serve.gif)
|
|
|
|
|
|
