Windows Server Troubleshooting - Security Context

Click here to start saving with ING DIRECT!

Home | Up | Methodology | Tools | Memory | Processor | Registry | File System | Network | Active Directory | Contents

Get the Book

Major Topics
File System
Active Directory
Other Topics
Default Processes
Security Context
DLL hell
More Detail

eXpert Genealogy

Memory from

2003-2006 Team Approach Limited
All rights reserved

Wish you were someone else?

Administrators should perform normal tasks such as word processing with a user account that does not have administrative privileges. This gives the administrator a practical test of the normal user environment and prevents accidental administrative actions.

Your credentials are your user name and password. To perform administrative tasks, the administrator can logon with administrative credentials. If you are logged on with normal user credentials, you can launch administrative tools with administration credentials by using the Run As option.

Each shortcut has an advanced property option that will prompt for credentials before launching the application, as shown in the following dialog.

A shift-right-click on a program will present the Run as ... option which can be selected to provide different credentials.

From the command line, use RUNAS to launch programs with different credentials.

RUNAS [ [/noprofile | /profile] [/env] [/netonly] ]
/user:<UserName> program
RUNAS [ [/noprofile | /profile] [/env] [/netonly] ]
/smartcard [/user:<UserName>] program
/noprofile specifies that the user's profile should not be loaded.
This causes the application to load more quickly, but
can cause some applications to malfunction.
/profile specifies that the user's profile should be loaded.
This is the default.
/env to use current environment instead of user's.
/netonly use if the credentials specified are for remote
access only.
/savecred to use credentials previously saved by the user.
This option is not available on Windows XP Home Edition
and will be ignored.
/smartcard use if the credentials are to be supplied from a
/user <UserName> should be in form USER@DOMAIN or DOMAIN\USER
program command line for EXE. See below for examples
> runas /noprofile /user:mymachine\administrator cmd
> runas /profile /env /user:mydomain\admin "mmc %windir%\system32\dsa.msc"
> runas /env / "notepad \"my file.txt\""
NOTE: Enter user's password only when prompted.
NOTE: USER@DOMAIN is not compatible with /netonly.
NOTE: /profile is not compatible with /netonly.