Using runas to run netsh as administrator

windows-7 uac runas netsh
26,261

There's a difference between being logged in to an account that is part of the administrators group and running either (a) elevated or (b) as the builtin Administrator account.

Anytime you run as Administrator, you are always elevated -- by definition. So if you run /user:administrator that window will be elevated when it opens, you WON'T get a UAC prompt and the netsh command should run.

But because the builtin Administrator account always runs elevated and doesn't generate UAC prompts from runas, it's a security risk, especially if it doesn't have a password. That's why Microsoft disables the Administrator account by default and requires that you enable it first:

In Windows® 7, the built-in administrator account is disabled by default. In previous versions of Windows, an Administrator account was automatically created during Out-of-Box-Experience (OOBE) with a blank password.

An Administrator account with a blank password is a security risk. To better protect the system, the built-in Administrator account is disabled by default in all clean installations and upgrades of Windows 7.

Here's how you enable it. (You can open MMC by typing "mmc" in the "Run..." box in the Start menu.)

Change the properties of the Administrator account by using the Local Users and Groups Microsoft Management Console (MMC).

  1. Open the MMC console and select Local Users and Groups.
  2. Right-click the Administrator account and select Properties.
  3. The Administrator Properties window appears.
  4. On the General tab, clear the Account is Disabled check box.
  5. Close the MMC console.

Also, be aware that runas does NOT allow you to pass arguments to the program you run:

RUNAS USAGE:

RUNAS [ [/noprofile | /profile] [/env] [/savecred | /netonly] ]
        /user:<UserName> program

RUNAS [ [/noprofile | /profile] [/env] [/savecred] ]
        /smartcard [/user:<UserName>] program

RUNAS /trustlevel:<TrustLevel> program

If you'd like to run a command elevated under your own userid or if you'd like to pass arguments, you need a genuine sudo or su (like this one, part of my own Hamilton C shell :) with an interlude marked in the application manifest as requiring elevation. If you do it that way, you will see a UAC prompt.

Share:
26,261

Related videos on Youtube

jhfrontz
Author by

jhfrontz

(my about me is currently blank)

Updated on September 18, 2022

Comments

  • jhfrontz
    jhfrontz almost 2 years

    I'm trying to do some debugging for a vendor on a Windows 7 machine. I need to run netsh to set a parameter. I've tried to run it from a cygwin/shell window but get a "Run as administrator" failure.

    Googling around, I see that there is a runas command that seems to work like sudo. Since my user account (me) is an administrator, I try runas /user:me "netsh ..." I get a prompt for me's password; I enter it; netsh (presumably running in a new cmd window) flashes open and closed; and I get a successful return from the command (i.e., $? == 0).

    But apparently that's not good enough since the parameter was unchanged. I finally got around this by doing "run as administrator" on a shortcut to the shell (and then ran netsh normally).

    What's the trick to make Windows/runas realize that me really is an administrator?

  • jhfrontz
    jhfrontz over 11 years
    Hmm, OK, thanks. I thought I saw somewhere that if I quoted stuff, I could pass arguments. So if that doesn't work-- if I instead create a batch file that just executes its arguments and mark it with the "run as administrator" setting, does that approximate sudo?
  • Nicole Hamilton
    Nicole Hamilton over 11 years
    You could certainly run a .cmd file as Administrator by right-clicking and selecting that or by using the runas command. But you can't mark it as requiring elevation because it's not an .exe that could have a manifest. To add a manifest to an .exe, use the manifest.exe utility supplied with the Windows SDK that comes with Visual Studio.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Opening a program as a different user (with /savecred) fails
"Run As Administrator" on program right click failing and not launching program
Cause a UAC popup from commandline without custom tools
How do I configure my application to run as administrator automatically?
Saving Excel Add-In in Windows 7
How do I run a task using schtask with privileges?
What are the differences in permissions between domain admin on member computer and local admin?
Give admin privilege with a fully limited user windows 7 professional
WinRAR context menu's "Extract here" does not work in Windows 7
right click on program > "%1" %* instead of run