Method #1
General note that might make things easier for other people if they don’t know this keen trick. Right-click on an Internet Explorer 6 shortcut while holding down Shift, go up to ‘Run as…’. Use an admin log in (local or your own) and then use the IE window to go to My Computer or C: or Control Panel or Desktop and you can have Admin privileges without having to annoyingly log off the user.
This is convenient for not having to get people to login over and over again. It’s also convenient for taking care of problems (installing software, moving to AD, etc) that requires admin privileges without having to log a person off if remote desktop is not available and not to mention faster.
Method #2
In the case that the user has Internet Explorer 7 installed, the above trick will not work or it will not work as easily because of IE7’s sandboxing method. Instead, go to Start, Run and enter:
runas /env /user:{domainusername} “C:WINDOWSexplorer.exe /separate”
This second method will also work with IE6 installed, but the first method is just faster without the need to memorize any commands.
In either case, if you have an executable, you can hold Shift, Right-click on it and do a “Run As…” with a prompt to provide a log-in. It won’t work for .msi files when trying to install something, but just use either of the above tricks to run the .msi from an Admin level Explorer window with the: runas /user:{domain}{username} “C:Windowsexplorer.exe /separate” command and then browse and double-click the .msi file.
Another tip to improve upon this even more, is to throw the command from the second method into a .cmd file that you can invoke just by double-clicking the file. Put it on your jump-drive or somewhere equally convenient (machine image perhaps?) and that way you don’t have to memorize that command or key it in every time.
Method #3
In the case that you are trying to create batch files for users to run, but the batch file invokes a command or accesses a folder that only Admin’s can normally access, you’ll need a version of the Run As that allows you to provide a password in the command. But, if the user is able to run the command, they could also open it in Notepad and view the command and obviously the password there.
In order to use this method, I use another tool called lsrunase.exe It allows you to pass an encrypted password along with the command. You can get the file from here. It will consist of the lsrunase executable and another executable used to encrypt the password.
Use this command:
“\serversoftwarelsrunase.exe” /user:UserName /domain:Domain /password:EnCrYpT3dPaSsWoRd /runpath:\serversoftwaretools /command:”printmig.exe -b c:printers.cab”