LSrunasE tool encrypts passwords to protect Admin privileges

Microsoft created the RUNAS command-line function to deal with the problems involved with escalated privileges in user accounts. But since RUNAS requires a password to be provided, this defeats the point. In response, substitutes for RUNAS were created that protect the credentials needed to run a program as Administrator. LSrunasE is one of these.

There are many problems involved with escalated privileges in user accounts. Sometimes it's not possible to run...

a certain program in Windows as anything but the Administrator. In other situations, you wouldn't want to do this casually, since letting users log in as an Administrator can open the door to allowing them to do a great many other unauthorized things.

Microsoft provided the RUNAS command-line function to allow one user to run a program in the context of another user. But since the program requires a password to be provided, this defeats the point. If the user has access to the password needed to log in or run programs with elevated privileges, they can in theory do anything they like. So much for security!

In response to this, many people have created substitutes for RUNAS that protect the credentials needed to run a program as Administrator. One of the better new substitutes for RUNAS is LSrunasE. Like other such programs, LSrunasE is used to run a command as another user, but the advantage it offers is that the password needed can be encrypted using a tool provided with the program that makes reverse-engineering the password very difficult (to put it mildly) for a casual user.

The password-encryption tool runs as a GUI application; LSrunasE itself is a command-line program. The encrypted password is passed to the program itself as a command-line parameter, so little work is involved to allow an admin-level program to run securely in a conventional user's context.

Since the password-encryption tool only works in one direction -- it encrypts, but doesn't decrypt -- it is impossible for a user to reverse-engineer the password even if they download the tool themselves, and the security of the whole process is maintained.


Serdar Yegulalp wrote for Windows Magazine from 1994 through 2001, covering a wide range of technology topics. He now uses his expertise in Windows NT, Windows 2000 and Windows XP as publisher of The Windows 2000 Power Users Newsletter and writes technology columns for TechTarget.

Please let us know how useful you find this tip by rating it below. Do you have a useful Windows tip, timesaver or workaround to share? Submit it to our tip contest and you could win a prize!

This was first published in March 2005
This Content Component encountered an error



Find more PRO+ content and other member only offers, here.



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:









  • VDI assessment guide

    Wait! Don't implement VDI technology until you know your goals and needs. A VDI assessment should consider the benefits of a VDI ...

  • Guide to calculating ROI from VDI

    Calculating ROI from VDI requires a solid VDI cost analysis. Consider ROI calculation models, storage costs and more to determine...

  • Keep the cost of VDI storage under control

    Layering, persona management tools and flash arrays help keep virtual desktop users happy and VDI storage costs down.