How to run domain admin tasks without being logged in as an administrator

My problem was I did not want to always “Run As…” all my important admin programs and mmc snap-ins all day because i didnt log on as an admin. It simply took up alot of my time and it frustrated me. What i really needed was a way to automatically (and securely) load all my administrative programs without having to enter any user names or passwords. Well i have a solution for anyone that had the same pain as i did.

The solution started off with the Free Elevation PowerToy found here where i used the elevation files in their original way, however i altered the original registry keys that go in the context menus along with the elevate.vbs to cater for certain anomalies.

A couple of the problems i came across were:

  • MSC shortcuts that started with the %systemroot%\System32\mmc.exe and had parameters trailing the msc file the original script would fail (eg. %SystemRoot%\system32\mmc.exe %SystemRoot%\system32\dnsmgmt.msc /s)
  • EXE programs that could not load when provided a parameter value of “” (eg. regedit.exe)

How it works?

  1. Right click on an EXE or an MSC file and click “Run as %username%” where %username% is the name you specified during install of the script
  2. That runs a command similar to runas.exe /savecred /noprofile /user:domain\user “elevate.cmd command parameter”
  3. A command prompt will either a. prompt for that user names password or b. load the saved credentials and continue processing.
  4. That executes elevate.cmd which collects the original command along with any parameters and parses it to elevate.vbs on Windows Vista/7. For windows XP is simply uses RUNAS (added functionality based on request).
  5. This then grabs the parameters and loads the application in elevated mode

Shows the files that make up the ElevateAsMe along with context menu
Shows the files that make up the ElevateAsMe along with context menu

Shows context menu when you right click on an MSI or MSP file
Shows context menu when you right click on an MSI or MSP file

Shows context menu when you right click on an MSC snapin file
Shows context menu when you right click on an MSC snapin file

Shows context menu when you right click on a folder or drive
Shows context menu when you right click on a folder or drive

Shows context menu when you right click on an .exe file
Shows context menu when you right click on an .exe file

Installation

To install this little add-on you need to do the following:

  1. Download the zip file on this page and extract it
  2. Run install.bat.
    1. For Windows XP you must be logged on as an Administrator
    2. For Windows 7 you need to run a CMD as Administrator, then navigate to the source directory and run install.bat from there (otherwise it will try and copy the contents of the Windows\System32 directory to the %temp% folder)
  3. Follow the prompts to install the software.

Old Instructions:
Open the ElevateAsMe.inf file and scroll to the bottom, change the user name and the domain name to correspond to your network
Install the ElevateAsMe.inf by right clicking and selecting Install. Note you can only install one version of this script because some naming in the registry conflicts. Part of it cannot be fixed based on how Windows uses elevation.

Uninstallation

You can remove the software through Add/Remove programs. A manual removal is easy by following the details in the ElevateAsMe.inf file.

Notes

Please comment if any part of the script does not work, or fails with certain applications. I would be happy to try and resolve them so we can all benefit from it.

Downloads

Current Version:
ElevateAsMe V2.2.0Recently Updated to support Windows XP and now has an install.bat for easy installation

Old Versions:
ElevateAsMe V2.1.2

http://technet.microsoft.com/en-us/magazine/2008.06.elevation.aspx

15 thoughts on “How to run domain admin tasks without being logged in as an administrator”

  1. Very helpful, Thanks!
    But I think there is a litlle bug in the elevate.vbs:

    line 59 is ‘If strArguements = “” Then’ and should be ‘If strArguments = “” Then’

    (an ‘e’ too much). It works with the little mistake and I’m wondering if the whole if-statement is really needed…

    Regards from Germany

    Reply
    • Nicely spotted. I have stopped using the script myself, but will update the code nevertheless.
      Whether the statement is needed – not sure, i would need to investigate, and again i have stopped working on this script myself.

      Reply
  2. Hello,

    is there a way to add “multiple” administrator accounts to the context menu? So i can start a mmc as “domainA\administrator” or “domainB\administrator” or “domainX\administrator”?

    Regards and thank you for the great tool

    Reply
    • Hi Marc,

      I’m glad you enjoyed it. As for adding multiple users, Yes you can do it but it has to be manually added to the install file, and run again. The changes you need to do are:
      Extract files 3 times – you will run the install 3 times (with individual accounts)
      Open ElevateAsMe.inf files (all 3 versions) and modify the following:
      HKCR,exefile\shell\RunAsEXE needs to be HKCR,exefile\shell\RunAsEXE1, HKCR,exefile\shell\RunAsEXE2 & HKCR,exefile\shell\RunAsEXE3 (save to each extracted version respectively)

      Do the same for:
      HKCR,mscfile\shell\RunAsMSC
      HKCR,Directory\Shell\PowerShellHereAsAdmin
      HKCR,Drive\Shell\PowerShellHereAsAdmin
      HKCR,Directory\Shell\RunAsCMDPrompt
      HKCR,Drive\Shell\RunAsCMDPrompt

      A Find/Replace should work but I have not tested it. If you are still unsure then let me know. I might have time to change the script to accommodate additional domains.
      Regards,
      Ivan

      Reply
  3. Yes, that is the point of this little program. Once you type your password in once in the CMD prompt, it will save it in Control Panel -> User Accounts -> Advanced -> Manage Passwords section.

    It will then use that password every time you use the shortcut in the context menu.
    Remember this app has to be installed as the administrator first.

    If you are still having problems, please let me know how you have installed the script and what you are getting stuck with.

    Reply
    • The script is written for providing elevated privileges which is a feature only used in Windows Vista and Windows 7. For Windows XP you simply need to run these scripts with the RUNAS command. It should be fairly easy to modify the script to support it. Let me know if you need a hand with it?

      Reply
        • I have updated the script for you. It now support Windows XP installation (provided you are logged in as local administrator at the time) and installs different set of instructions for Windows XP.

          This script works with Elevated Privileges which does not exist in Windows XP, so all the script does for Windows XP is use RUNAS for the commands.

          If there are any problems with them please let me know. My testing was limited.
          Ivan

          Reply
          • Thank you. Is it possible to remember a password in this program?
            I would like not to have to write my password every time.
            Iwona

  4. Have since updated this tool with a minor fix – V2.1.2 now resolves problems with execution EXE file paths with spaces, so program files will now work! 🙂

    Reply
  5. Thanks! This was actually very useful… I use Runas constantly and this solved an issue I was having with perl!

    Reply

Leave a Reply to MarcCancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

QR Code Business Card