This post is from my old blog on WordPress.com, but it is something that is useful so I am copying it to here for your reading pleasure and use.
In our district the school technology support professionals have a limited account and an administrative account in the Active Directory. While most of the time I can administer my campus and users from the limited account, there are times when I need to access the administrative account for just one thing. An example of this is looking up a staff or student ID for a program they need access to.
In this case the steps for this simple thing are:
- logging off
- logging into the admin account
- running the program to look up the ID
- doing the look up
- logging off
- logging back into the limited account
- adding the user into whatever I need to
Now, that is way too much to do for something so simple. So, my solution is to use “runas” in a batch file to run the program I need as the admin account. This saves all the wasted steps, while letting me be secure in my limited account. Security, plus ease and working smarter is what it’s all about.
So, what does the batch file look like? Here it is:
runas /user:adminusername@domainname “C:Directory pathFilename [any commands to send to the program]”
Okay, now here is a visual example:
runas /user:firstname.lastname@example.org “C:Program FilesInternet Exploreriexplore http://mysite/admin”
The batch file will open a command window to ask you to input the admin password and if the password is correct it will launch Internet Explorer to the web site mysite/admin as the admin account with admin privileges. When you exit IE it drops the admin privileges so the next time you open IE it will be as the limited user account you are logged in as.
The time this saves me is invaluable. Try it, you’ll like it. If you would like to read about the runas command at Microsoft click here