What I do now is not satisfactory, but I'll get to that in a few moments...
Currently I log into my machine with non-elevated user credentials. I have a text file with all of the incantations I need - I stuck it in my startup folder, so that it's always there. Each one is in the form of: runas /netonly /user:[email protected] "C:\Windows\system32\mmc.exe \"C:\Program Files\Microsoft\Exchange Server\V14\Bin\Exchange Management Console.msc\"" I run a cmd session elevated with the local administrator password. One problem with that is that some of the RSAT tools won't launch unless the session is elevated with a domain account, which baffles me, but I haven't figured out a way around it. What's the better way? Create a PAW (Privileged Access Workstation), and log in with your admin credentials. Use a VM on your PAW (or in your VM farm) to do non-privileged tasks, as a non-privileged user. I'm trying to find time to do that, but it's very hard, because I have so many projects on my plate - but here are the foundational docs for this effort: https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/privileged-access-workstations https://gallery.technet.microsoft.com/Privileged-Access-53a4673a Kurt On Thu, Sep 21, 2017 at 6:48 AM, Heaton, Joseph@Wildlife <[email protected]> wrote: > So, in Win 7, I had installed RSAT tools, and I had the shortcuts setup so > that when I double-clicked it, it would run as administrator, I’d be > prompted by my privilege elevation software, put in my admin credentials and > away I went. I did not have to use the runas command in the shortcut to > make this happen. Now, in Win 10, I can’t for the life of me get this > working. If I go to the Advanced button in the shortcut, and choose Run as > Administrator, nothing happens. The tool opens using my logged in > credentials, not prompting me for my admin creds. If I do put in the runas > command, I end up having to enter my credentials twice, once for my > privilege elevation software, once in a command window that opens up. > > > > Anyone know of a better way of doing this? > > > > Joe Heaton > > Information Technology Operations Branch > > Data and Technology Division > > CA Department of Fish and Wildlife > > 1700 9th Street, 3rd Floor > > Sacramento, CA 95811 > > Desk: 916-323-1284 > >
