Updated: 9/1/06; 9:34:01 AM.
Ted's Radio Weblog
Mission: Interoperable. Competition breeds Innovation. Monopolies breed stagnation. Working Well with Others is Good.
        

Thursday, August 17, 2006

When running Windows, you should always run as the "Least Priviledged User" to do the tasks you need. If your user context doesn't have the rights to mess with most of the system settings, some evildoing script in the compromised javascript, jpeg, word doc, html page, worm, virus, trojan or other Windows nastie won't have those rights either.

However, sometimes you need to run a simple command that requires system priviledges. Logging in and out or switching users is too much hassle. For this, I created a shortcut on the desktop and labeled it "RootShell." (Bear in mind when you run commands from this shell that you have nearly complete control of the machine. With great power comes great responsibility.) The shortcut links to a batch file with the command:

runas /noprofile /env /user:MyMachine\MyAdmin cmd

UPDATE: There ought to be a backslash between MyMachine and MyAdmin. My blogging software helpfully deleted it. Grrr.

This batch file runs the command interpreter (cmd) as user "MyAdmin." (Supply your own settings for 'MyMachine' and 'MyAdmin'. In domain- and ActiveDirectory-controlled networks, the syntax will be slightly different for specifying the user. Type HELP RUNAS at a command shell for guidance.)

Double-clicking the icon opens a command shell and prompts for the administrator's password. Get it correct, and the shell runs yet another shell in which you can type the commands you need to run. Get it wrong and it closes.

Handy and quick.
10:12:42 AM    comment []


© Copyright 2006 Ted Roche.   

Creative Commons License This work is licensed under a Creative Commons License.

  

 

August 2006
Sun Mon Tue Wed Thu Fri Sat
    1 2 3 4 5
6 7 8 9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29 30 31    
Jul   Sep


Click here to visit the Radio UserLand website.

Subscribe to "Ted's Radio Weblog" in Radio UserLand.

Click to see the XML version of this web page.

Click here to send an email to the editor of this weblog.
Blogroll
miniXmlCoffeeMug.gif miniXmlButton.gif Byte