Windows Runas Command- Execute Programs with Different User Account

runas is a special command which is used to run or execute applications with different permissions and users. The application will be executed differently from the current user or login user. Runas first provided with the Windows Vista operating system and later adopted to all modern Windows operating systems like Windows XP, Windows 7, Windows 8, Windows 10, Windows Server 2003, Windows Server 2008, Windows Server 2012, Windows Server 2016, Windows Server 2019.

While using the runas try to use less privileged accounts in order to restrict permission to prevent security vulnerabilities. One of the most popular use cases for the runas command is running commands and tools with Administrator privileges for regular users.

runas Command Syntax

The runas command has the following syntax where the OPTION, USER, and APPLICATION are used.

runas OPTION USER APPLICATION
  • OPTIONS are used to provide different behavior for the runas command. The OPTION is explained in detail below.
  • USER is the user account and privilege where the APPLICATION will be executed. USER parameter is provided as /user:ismail .
  • APPLICATION is the application that will be executed with the provided USER privileges and given OPTIONS. This application can be a binary, executable, command, or script.

runas Command Options

The runas command provides following options or parameters to change usage.

OPTION DESCRIPTION
/profile Load user profile. This parameter cannot be used with the /netonly parameter.
/noprofile Do not load the user profile. Makes faster execution.
/env Specify the network environment differently than the user.
/netonly Indicates that the user information specified is for remote access only. This parameter cannot be used with the /profile parameter.
/savecred Save provided user credentials. This parameter cannot be used with the /smartcard parameter.
/smartcard Provide credentials from a smartcard. This parameter cannot be used with the /savecred parameter.
/showtrustlevels Displays the trust levels that can be used as arguments to /trustlevel.
/trustlevel Set trustlevel for application. Use /showtrustlevels to see the trust levels available.
/user:<UserAccountName> “<ProgramName> <PathToProgramFile> Specify the user name
/? Displays help information

Display runas Help Information

Help information about the runas command can be displayed with the /? option below. This help information also provides some usage examples.

C:\Users\ismail>runas /?
RUNAS USAGE:

RUNAS [ [/noprofile | /profile] [/env] [/savecred | /netonly] ]
        /user:<UserName> program

RUNAS [ [/noprofile | /profile] [/env] [/savecred] ]
        /smartcard [/user:<UserName>] program

RUNAS /trustlevel:<TrustLevel> program

   /noprofile        specifies that the user's profile should not be loaded.
                     This causes the application to load more quickly, but
                     can cause some applications to malfunction.
   /profile          specifies that the user's profile should be loaded.
                     This is the default.
   /env              to use current environment instead of user's.
   /netonly          use if the credentials specified are for remote
                     access only.
   /savecred         to use credentials previously saved by the user.
   /smartcard        use if the credentials are to be supplied from a
                     smartcard.
   /user             <UserName> should be in form USER@DOMAIN or DOMAIN\USER
   /showtrustlevels  displays the trust levels that can be used as arguments
                     to /trustlevel.
   /trustlevel       <Level> should be one of levels enumerated
                     in /showtrustlevels.
   program         command line for EXE.  See below for examples

Examples:
> runas /noprofile /user:mymachine\administrator cmd
> runas /profile /env /user:mydomain\admin "mmc %windir%\system32\dsa.msc"
> runas /env /user:user@domain.microsoft.com "notepad \"my file.txt\""

NOTE:  Enter user's password only when prompted.
NOTE:  /profile is not compatible with /netonly.
NOTE:  /savecred is not compatible with /smartcard.

Run Application with Different User Accounts

We will start with a simple example where we will run or execute applications with a different user. We will provide the /user option for the user ismail . We will also specify the application or executable we want to run. Also, scripts can be executed as the same.

> runas /user:ismail cmd.exe

When we executed this command we will be asked for the password for the specified user which is ismail in this example. By the way, everything will be in the command line and the provided password does not display which is a security measure. Also, complete information about the user is provided like the user domain which is a local account.

C:\>runas /user:ismail cmd.exe
Enter the password for ismail:
Attempting to start cmd.exe as user "DESKTOP-HQVAMA3\ismail" ...

Below you can find different examples of runas command. Using a double quote is very useful for commands with multiple spaces and extra parameters.

> runas /user:ahmet cmd.exe

> runas /user:ismail 
C:\Users\ismail\Downloads\python-3.8.5-amd64

> runas /user:ismail "
C:\Users\ismail\Downloads\python-3.8.5-amd64"

> runas /user:ismail 
"C:\Windows\System32\cmd.exe" 

> runas /user:ismail 
"notepad.exe C:\Users\ismail\Desktop\file.txt" 

Save Credentials

If you are using the runas command frequently for the same users again and again typing credentials or passwords is a trivial task. You can save credentials or passwords one time and use these credentials multiple times without typing again and again. You need to provide the /savecred option which will save credentials or passwords for the current user and later it won’t request the password for this user.

> runas /user:ahmet /savecred cmd.exe

Runas Without User Profile

By default, the user profile specified for the runas will be loaded to execute the provided command. The user profile is simply the user configuration, environment variables, etc. This creates some workload which makes the runas command a bit slower. By using the /noprofile option this can be disabled and the user profile will not be loaded and the current user profile will be used.

> runas /user:ahmet /noprofile cmd.exe

Use Current User Environment

The /env option can be used to use the current user environment even if the command will be executed with the specified user privileges.

> runas /user:ahmet /env cmd.exe

Run Application with Domain Account

We can also use the runas command in a domain or active directory environment. We can run an executable or application with a different domain account. We will just add the domain name and domain account name. In the following example, we will run the cmd.exe with the windowstect domain and user ismail .

C:\>runas /user:windowstect\ismail cmd.exe
Enter the password for ismail:
Attempting to start cmd.exe as user "windowstect\ismail" ...

It can be also used to run applications with other domain user privileges without logging out and logging in with different domain users. Just provides other domains and the user name as current domain account information.

Run Application Local Administrator Account

The administrator account is the highest level account with all privileges in the current system. A local administrator account is the administrator account of the local system which is not related to a domain. A local administrator account can be used to install applications and change configuration by using the runas command.

C:\>runas /user:Administrator Chrome.exe
Enter the password for Administrator:
Attempting to start Chrome.exe as user "Administrator" ...

Run Application Domain Administrator Account

The Domain Administrator account is used to administrate and manage the domain with the highest level privileges. The domain administrator account can be used to install applications and change the local and domain-wide configuration. The domain administrator account consists of a domain name and Administrator .

C:\>runas /user:windowstect\Administrator Chrome.exe
Enter the password for Administrator:
Attempting to start Chrome.exe as user "windowstect\Administrator" ...

RunAs From File Explorer or GUI

The runas the mechanism can be also used from the graphical user interface from file explorer. We can run different applications and executables with different user privileges and accounts. This can be especially useful to install applications with an administrator account without logging in to The administrator user account. In order to runas right-click on the executable while pressing the SHIFT key which will open the menu like below. Click the Run as different user to specify the user account we want to execute in.

Runas Application As Different User

We will see the following screen where it requests the user privileges like username and password to run the specified executable.

Specify Username and Password For Runas

Popular Run As Command Examples

In this part, we will provide some useful and popular commands which can be used with the runas.

# Start the cmd.exe or MS-DOS with administrator privileges
> runas /noprofile /user:mypc\administrator cmd
.exe

# Open the MMC without logging as Administrator
> runas /profile /env /user:mydomain\admin "mmc %windir%\system32\dsa.msc"

# Open the myfile.txt as different user with notepad.exe
> runas /user:ismail@domain.example.org "notepad C:\myfile.txt"

# Open Registery or regedit
> runas /user:administrator regedit

# Shutdown the system
> runas /user:administrator /savecred "shutdown /i"

Runas Command Errors

While using the runas command some errors can occur. For example, if the provided password is wrong or provided the user account does not exist the “1326: The user name or password is incorrect.”.

C:\>runas /user:Administrator cmd.exe
Enter the password for Administrator:
Attempting to start cmd.exe as user "DESKTOP-HQVAMA3\Administrator" ...
RUNAS ERROR: Unable to run - cmd.exe
1326: The user name or password is incorrect.

Also, the runas command does not work with empty passwords. So the user should have a password that is not empty. If the user has an empty password you will get the “1327: Logon failure: user account restriction. Possible reasons are blank passwords not allowed, logon hour restrictions or a policy restriction has been enforced” error. As you can see that this error can occur for logon hour restrictions, policy restrictions, etc.

C:\>runas /user:ismail cmd.exe

Enter the password for ismail:
Attempting to start cmd as user "ABC\ismail" …
RUNAS ERROR: Unable to run – cmd
1327: Logon failure: user account restriction. Possible reasons are blank passwords not allowed, logon hour restrictions, or a policy restriction has been enforced.

1 thought on “Windows Runas Command- Execute Programs with Different User Account”

Leave a Comment