Home > Sample chapters

Windows Sysinternals Administrator's Reference: Security Utilities

ShellRunAs

In Windows XP and Windows Server 2003, you could run a program as a different user by right-clicking the program in Windows Explorer, choosing Run As from the context menu, and entering alternate credentials in the Run As dialog box. This feature was often used to run a program with an administrative account on a regular user’s desktop. Beginning with Windows Vista, the Run As menu option was replaced with Run As Administrator, which triggers UAC elevation. For those who had used the Run As dialog box to run a program under a different account without administrative rights, the only remaining option was the less-convenient Runas.exe console utility. To restore the capabilities of the graphical RunAs interface with added features, I co-wrote ShellRunAs with Jon Schwartz of the Windows team.

ShellRunAs lets you start a program with a different user account from a context menu entry, displaying a dialog box to collect a user name and password (shown in Figure 8-4) or a smartcard PIN on systems configured for smartcard logon. You can also use ShellRunAs similarly to Runas.exe but with a more convenient graphical interface. None of ShellRunAs’ features require administrative rights, not even the registering of context menu entries. ShellRunAs can be used on Windows XP or newer.

Figure 8-4

Figure 8-4 ShellRunAs prompting for user credentials.

ShellRunAs also supports the Runas.exe netonly feature, which was never previously available through a Windows GUI. With the netonly option, the target program continues to use the launching user’s security context for local access, but it uses the supplied alternate credentials for remote access. (See Figure 8-5.) Note that a console window might flash briefly when ShellRunAs starts a program with netonly.

Figure 8-5

Figure 8-5 “Run As Different User” options added to the Explorer context menu.

The valid command-line syntax options for ShellRunAs are listed next, followed by descriptions of the command-line switches:

ShellRunAs /reg [/quiet]

ShellRunAs /regnetonly [/quiet]

ShellRunAs /unreg [/quiet]
  • /reg Registers Run As Different User as an Explorer context menu option for the current user. (See Figure 8-5.)

  • /regnetonly Registers Run As Different User (Netonly) as an Explorer context menu option for the current user.

  • /unreg Unregisters any registered ShellRunAs context menu options for the current user.

  • /quiet Does not show a result dialog box for registration or unregistration.

ShellRunAs [/netonly] program [arguments]
  • This syntax allows the direct launching of a program from the ShellRunAs command line. With /netonly, you can specify that the credentials collected should be used only for remote access.