See also: http://ss64.com/nt/runas.html
RUNAS
Execute a program under a different user account.
Syntax
      RUNAS [/profile] [/env] [/netonly] /user:user Program

Key
   /profile   Option to load the user's profile (registry)
   /env       Use current environment instead of user's.
   /netonly   Use the credentials specified only for remote connections.
   /user      Username in form USER@DOMAIN or DOMAIN\USER
              (USER@DOMAIN is not compatible with /netonly)
   Program    The command to execute
Enter the password when prompted.
When you start a program with RunAs /netonly, the program will execute on your local computer as the user you are currently logged on as, but any connections to other computers on the network will be made using the user account specified.
Without /netonly everything will run under the user account specified.
RunAs from Windows Explorer
Select an executable file, Shift-Right-click and select Run As..
This option can be hidden by setting
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HideRunAsVerb=1
ErrorLevel
The error level (%ERRORLEVEL%) returned by RunAs in Windows XP and above: success=0, failure=1
Examples
Run mycommand.exe as the user Jdoe on domain SS64dom:
Runas /user:SS64Dom\jDoe "mycommand.exe"
Run CMD.exe as the Administrator on the local machine:
Runas /profile /user:DELLPC218\administrator CMD
Run Notepad.exe as the Domain Administrator on domain SS64dom:
Runas /profile /env /user:SS64Dom\administrator NOTEPAD
Run Notepad.exe and open a file; escape the quote characters around the filename with \ :
Runas /env /user:jDoe@swest.ss64.com "NOTEPAD \"my file.txt\""
Notes:
The backslash \ is NOT the standard escape character used by other CMD commands.
RunAs requires the "Secondary Logon" service to be running.
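The notes and the ErrorLevel section above can be combined in one wrapper script. This is an added example, not part of the original page: it assumes the Secondary Logon service has the service name seclogon, and the account and file name are the sample values from the Examples section.

```batch
@echo off
setlocal

rem Added example: RUNUSER is a placeholder account taken from the examples above.
set "RUNUSER=SS64Dom\jDoe"

rem RunAs requires the Secondary Logon service (service name: seclogon).
rem Check it first so a stopped service is not mistaken for a bad password.
sc query seclogon | find "RUNNING" >nul
if errorlevel 1 (
    echo Secondary Logon service is not running, RunAs cannot start the program.
    exit /b 2
)

rem The whole command line is one quoted argument; the inner quotes around
rem the file name are escaped with a backslash, which is specific to RunAs.
rem The password is typed at the prompt, never stored in the script.
runas /env /user:%RUNUSER% "NOTEPAD \"my file.txt\""

rem RunAs returns 0 on success and 1 on failure.
if errorlevel 1 (
    echo RunAs reported failure for %RUNUSER%.
    exit /b 1
)

echo RunAs reported success for %RUNUSER%.
exit /b 0
```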
“He who reigns within himself, and rules passions, desires, and fears, is more than a king” - Milton
Related:
AT - Run a command on a remote machine (at a scheduled time)
Aaron Margosis - Running with least privilege
joeware.net - CPAU (Create Process As User) like RunAs but with an option to encrypt the password.
PsExec - Execute process remotely
PowerShell: you can run an entire PowerShell session via RunAs to elevate your permissions.
Equivalent bash command (Linux): SU - Switch User
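Using the RunAs command to solve permission problems in remote administration
1. Command format: RunAs /netonly /user:DomainOrComputerName\UserName Command
[Notes]
(1) The /netonly parameter means that the user identity specified after it is used only for network access.
(2) If the command given at the end takes arguments and contains spaces, it must be enclosed in quotation marks.
For example: RunAs /netonly /user:Server1\administrator "shutdown /m \⏺.63.243.1 /s /t 600"
Another example: to use remote "Computer Management" without changing the local administrator password, you can run:
RunAs /netonly /user:Server1\administrator mmc.exe
This one contains no spaces, so it does not need quotation marks. After the command runs, the MMC console opens; manually add "Computer Management (target IP)". At this stage everything is effectively done as the local administrator. Only when you actually connect to the target to perform remote "Computer Management" operations is the target machine's administrator identity used. This is the purpose of the /netonly parameter.
(3) Note: Creating a "Computer Management" .msc tool for the target machine with MMC and then using Shift+Right-click / Run As in the graphical interface to perform a secondary logon does not work. The error message is: Unable to open the Service Control Manager database on "target IP". Error 5: Access is denied.
2. After you press Enter, you are prompted for the password of target computer\user. After you type the password, the command is executed on the local or target computer.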