There are many problems involved with escalated privileges in user accounts. Sometimes it's not possible to run a certain program in Windows as anything but the Administrator. In other situations, you wouldn't want to do this casually, since letting users log in as an Administrator can open the door to allowing them to do a great many other unauthorized things.
Microsoft provided the RUNAS command-line function to allow one user to run a program in the context of another user. But since the program requires a password to be provided, this defeats the point. If the user has access to the password needed to log in or run programs with elevated privileges, they can in theory do anything they like. So much for security!
In response to this, many people have created substitutes for RUNAS that protect the credentials needed to run a program as Administrator. One of the better new substitutes for RUNAS is
The password-encryption tool runs as a GUI application; LSrunasE itself is a command-line program. The encrypted password is passed to the program itself as a command-line parameter, so little work is involved to allow an admin-level program to run securely in a conventional user's context.
Since the password-encryption tool only works in one direction -- it encrypts, but doesn't decrypt -- it is impossible for a user to reverse-engineer the password even if they download the tool themselves, and the security of the whole process is maintained.
Serdar Yegulalp wrote for Windows Magazine from 1994 through 2001, covering a wide range of technology topics. He now uses his expertise in Windows NT, Windows 2000 and Windows XP as publisher of The Windows 2000 Power Users Newsletter and writes technology columns for TechTarget.
Please let us know how useful you find this tip by rating it below. Do you have a useful Windows tip, timesaver or workaround to share? Submit it to our tip contest and you could win a prize!
This was first published in March 2005