Using the runas command with MMC

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Using the runas command with MMC

It is good practice for administrators to use an account with restrictive permissions to perform routine, nonadministrative tasks, and to use an account with broader permissions only when performing specific administrative tasks. To accomplish this without logging off and back on, log on with a regular user account, and then use the runas command to run the tools that require the broader permissions.

With the runas command, you can run programs (*.exe), saved MMC consoles (*.msc), shortcuts to programs and saved MMC consoles, and Control Panel items. You can run them as an administrator while you are logged on to your computer as a member of another group, such as the Users or Power Users group.

You can use the runas command start any program, MMC console, or Control Panel item. As long as you provide the appropriate user account and password information, the user account has the ability to log on to the computer, and the program, MMC console, or Control Panel item is available on the system and to the user account.

With the runas command, you can administer a server in another forest (the computer from which you run a tool and the server you administer are in different domains).

If you try to start a program, MMC console, or Control Panel item from a network location using runas, it might fail because the credentials used to connect to the network file share are different from the credentials used to start the program. The latter credentials may not be able to gain access to the same network file share.

Some items, such as the Printers folder and desktop items, are opened indirectly and cannot be started with the runas command.

If the runas command fails, the Secondary Logon service might not be running or the user account you are using might not be valid. To check the status of the Secondary Logon service, in Computer Management, click Services and Applications, and then click Services. To test the user account, try logging on to the appropriate domain using the account.

For details about the runas command, see Runas.