Wednesday, June 4, 2003

runas Magic




If you have followed any of the “Running as non-admin”
traffic that’s been fairly prevalent of late, you’ve probably heard of
the
runas command. Runas lets
you  launch a process with alternate credentials in the current window station.
Generally, you use this to do things like fire up a new instance of Visual Studio
under administrative credentials so you can debug ASP.NET applications or something.



Today I ran across an entirely new option: the /netonly switch.
Using it means that the credentials you supply don’t
have to be valid on the machine you’re running it on, but will still be passed
on when remote calls are made!
So
cool. Why? Because I’m doing work with Microsoft, and I need to do things against
their servers that require authentication. I don’t want to join my machine to
their domain, which means I can’t get a process running under my Microsoft domain
account. However, using this switch, I can make a process look to remote systems as
if it were running under my Microsoft domain account. This turned out to be crucially
important for getting our build process working on my machine.



The one caveat is that since it doesn’t do an actual login, it’ll
take whatever password you throw at it. Even if it’s wrong – you won’t
find out until you try to actually use those credentials.



4 comments:

  1. Some programs must be launched via runas must use the /netonly switch. Like for exampe if you want to run Active Directory Users and Computers (snapin in the mmc) you would type the following:
    runas /user:[userName] "mmc dsa.msc"
    Oh, but that is only the case when running from the start | run button.

    Then a really smart guy (John D from DeploymentCentric) I work with showed me how to run it without the /netonly switch.

    runas /u:[username] "cmd.exe /Cmmc dsa.msc"

    The problem is that the cmd window stays open in the background until you close the launched program.

    ReplyDelete
  2. Funny Fact:
    My domain account is a non-admin on my machine. The only admin account I have is the local Administrator, which obviously does not have priviledges on network resources. So, when I want to set up an app from a network share, I usually do two RUNASes.

    runas /u:LOCALMACHINE\Administrator "cmd.exe"

    and then from the command prompt that comes up:

    runas /u:MYDOMAIN\rajc /netonly "cmd.exe"

    and THEN run the setup from there.

    Note to Craig:
    I typed an XML tag here, and got a horrendous "Potentially dangerous content" error. I love ASP.NET 1.1, but a simple encode would do the trick. Do I tell you or ChrisAn ?

    ReplyDelete
  3. Re BlogX issues, post a bug on the BlogX workspace over on gotdotnet. I've been sorely tempted to modify the code myself a time or two, but I'm going to try to contribute where it'll benefit everyone.

    ReplyDelete
  4. Pingback from Twitter Trackbacks for runas Magic - CraigBlog - Pluralsight Blogs [pluralsight-training.net] on Topsy.com

    ReplyDelete