I used to use a tool called lsrunase which worked like runas but allowed you to insert an encrypted password into the command line. It seems to be part of the Lanweeper premium version now, it used to be freeware. Maybe someone knows if there is a freeware version still available. Or there are probably other similar freeware apps to accomplish the same thing.
Also, since savvy users could use the encrypted password with lsrunase to accomplish other tasks, I used to make a batch file to start the desired app with lsrunase, then used a freeware cmd2exe or bat2exe program to make an exe file that they couldn't as easily pick the username and encrypted password from. Kludgy but it did work. -----Original Message----- From: Andy Ognenoff [mailto:[email protected]] Sent: Tuesday, May 12, 2009 4:08 PM To: NT System Admin Issues Subject: RE: Runas - local account when joined to domain The user we are running it with is a local account though - and we don't tell the users the pw for that account, which is why we want it cached. This isn't looking good, is it? :( - Andy O. ________________________________________ From: Christopher [mailto:[email protected]] Sent: Tuesday, May 12, 2009 2:25 PM To: NT System Admin Issues Subject: Re: Runas - local account when joined to domain Try it without the /savecred option. I don't think you need that for what you are trying to do. AFAIK, that option will allow you to runas a user that already has domain credentials cached on the machine when the domain controller is not available.. So I'm guessing what happens is that when you use that option, yet specify a local account (or any domain account without cached credentials - it realizes there are no cached credentials for the username you specified so it tries to find a domain controller to authenticate the account. On Tue, May 12, 2009 at 1:59 PM, Andy Ognenoff <[email protected]> wrote: XP only. Command looks like this: runas /noprofile /savecred /env /user:machinename\username executablename Works fine when in a workgroup or when joined to a domain and a DC is available. - Andy O. ________________________________________ From: Christopher [mailto:[email protected]] Sent: Tuesday, May 12, 2009 1:25 PM To: NT System Admin Issues Subject: Re: Runas - local account when joined to domain Are we talking XP or Vista here? What method are you using to do the Run as? On Tue, May 12, 2009 at 1:12 PM, Andy Ognenoff <[email protected]> wrote: I tried both .\username and machinename\username - neither worked. - Andy O. ________________________________________ From: Christopher [mailto:[email protected]] Sent: Tuesday, May 12, 2009 1:09 PM To: NT System Admin Issues Subject: Re: Runas - local account when joined to domain I believe your problem is that it assumes any account is a domain account unless you specify it as a local account, such as u...@mymachine or mymachine\user. Try that and see if it works. On May 12, 2009 12:53 PM, "Andy Ognenoff" <[email protected]> wrote: My google-fu is failing me today and this issue has never come up before for me. I've got a couple applications that we have regular users run (non-admin) that require elevated privileges so we use runas with another local user account that has perms just for the stuff it needs and then we cache those credentials. Since moving to Active Directory, none of the runas commands work if a DC can't be found (mobile users) even though the runas command is using a local account. It says no logon servers are available. Any ideas on how to get around this? - Andy O. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ Confidentiality Notice: ---------------------------------- This communication, including any attachments, may contain confidential information and is intended only for the individual or entity to whom it is addressed. Any review, dissemination, or copying of this communication by anyone other than the intended recipient is strictly prohibited. If you are not the intended recipient, please contact the sender by reply email, delete and destroy all copies of the original message. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
