GUI-Based RunAs




Click here for a larger image.

Environment: VC6 SP5, Win2k, Platform SDK

To launch a program under another user context, Win2k provides a command line tool called RunAs. And in December of last year, there was an article posted on the codeguru site that give a similar functionality with source code. I noticed someone asked if there was a GUI-based RunAs, so I wrote one myself. And, according to the axiom "do not recreate the wheel," I extracted code from this site and other books.

The main purpose of this utility is saving you typing, and of course, a more friendly user interface. Besides,

  • You can choose the target desktop on which you want the program to run. I provide the desktop list dialog; you just need to double-click it.
  • The button to the left of the password edit box permits you to test your username-password pair correctness.
  • The button to the right of the user name edit box will lead to a local machine user list dialog box; you can just choose the user by double-clicking.
    CreateProcessAsUser and LogonUser need the following four privileges: SeIncreaseQuotaPrivilege, SeAssignPrimaryTokenPrivilege, SeChangeNotifyPrivilege, and SeTcbPrivilege. By default, the administrator does not have these privileges. You can use the bottom Privilege button to pop up a dialog, set these privileges, and relog yourself. (Yes, you need to relog.) If you dislike this, please go to http://www.codeguru.com/misc/CmdAsUser.html contributed by Martyn "Ginner" Brown.
  • When you leave the username and password empty, the program will be launched as "SYSTEM" account.

There is a short list of often-used programs you can choose to "RunAs". The inside code uses the LSA family API to cope with the account privilege, and uses LogonUser and CreateProcessAsUser to do the work. When you ask for a launch as "SYSTEM", more work needs to be done -- open the system process, adjust its token by adding TOKEN_DUPLICATE, TOKEN_ASSIGN_PRIMARY, TOKEN_QUERY right, and reopen it.

In the end, I would like to thank the book Programming Server-Side Applications for Mircosoft Windows 2000 from Microsoft Press, 1999. This program's backbone code is from the sample of the book.

Last note, you need a ReLog to use this utillity. If you add the needed privilege, please push the privilege button first to confirm your current privilege, and it will log you off if you like.

Downloads (MFC Library Dynamic Linked)

Download demo executable file - 26 Kb
Download source - 53 Kb


Comments

  • Do you know a similar tool that runs under nt?

    Posted by Legacy on 12/05/2003 12:00am

    Originally posted by: Susana Sousa

    Hi,

    I tested your tool and think it is great! But I have two problems:
    It didn't work when I was not logged on locally on my machine but under a domain... it said I didnt have the necessary permissions...
    The thing is I need to run a .exe file on stations under a certain domain that don't have the administrator logged on although I would like to do this as an administrator (I have the administrators password). Besides, I would need to do this on windows nt.
    Do you have any idea how can I do this.

    Thanks,
    Susana Sousa

    Reply
  • Works on XP/2003

    Posted by Legacy on 10/07/2003 12:00am

    Originally posted by: Urguwno

    This works great under XP/2003.

    I'm using terminal services and I cannot get the following to work though:

    1) I cannot spawn a process under another user's session. The "Desktop" drop-down is nice, but I don't understand the point if there isn't a way to select another session.

    2) The utility is unable to launch a process as the system account within an RDP session.

    Reply
  • Windows XP problem.

    Posted by Legacy on 08/16/2003 12:00am

    Originally posted by: Peter Hendrix

    Hi,

    I have set the privileges to the right values.
    I am logged on to a domain as user 'peterh'. Now I start a program (notepad) as the local administrator. It starts, but I only see a thin line and the view is not visible in the right way.

    Has anyone had this problem also?

    Regards,
    Peter.

    Reply
  • I got it to work!!

    Posted by Legacy on 02/10/2003 12:00am

    Originally posted by: Adam Bent

    I had the same problem as the previous person mentioned but I figured out that the program changes the LOCAL administrator account so that it can perform the required operations. After the program sets these options and logs you off you will need to log back on as the LOCAL adminstrator! Once I did this it worked fine.

    Reply
  • I tried this ... It doesn't work

    Posted by Legacy on 01/28/2003 12:00am

    Originally posted by: EllisZ

    Even with the privledges specified this does not work.

    To see;
    Create an account as a regular user account.

    Attempt to login as an admin.

    Execute cmd.exe.

    Check who your current user context is. It's not the admin.

    Reply
  • Test - ignore this post

    Posted by Legacy on 12/11/2002 12:00am

    Originally posted by: Webmaster

    This post is a test. Please ignore.

    Reply
Leave a Comment
  • Your email address will not be published. All fields are required.

Top White Papers and Webcasts

  • On-demand Event Event Date: September 10, 2014 Modern mobile applications connect systems-of-engagement (mobile apps) with systems-of-record (traditional IT) to deliver new and innovative business value. But the lifecycle for development of mobile apps is also new and different. Emerging trends in mobile development call for faster delivery of incremental features, coupled with feedback from the users of the app "in the wild." This loop of continuous delivery and continuous feedback is how the best mobile …

  • As mobile devices have pushed their way into the enterprise, they have brought cloud apps along with them. This app explosion means account passwords are multiplying, which exposes corporate data and leads to help desk calls from frustrated users. This paper will discover how IT can improve user productivity, gain visibility and control over SaaS and mobile apps, and stop password sprawl. Download this white paper to learn: How you can leverage your existing AD to manage app access. Key capabilities to …

Most Popular Programming Stories

More for Developers

Latest Developer Headlines

RSS Feeds