"In het verleden behaalde resultaten bieden geen garanties voor de toekomst"

These are the ramblings of Matthijs Kooijman, concerning the software he hacks on, hobbies he has and occasionally his personal life.

Questions? Praise? Blame? Feel free to contact me.

My old blog (pre-2006) is also still available.

Sun Mon Tue Wed Thu Fri Sat

9

Tag Cloud
&
(With plugins: config, extensionless, hide, tagging, Markdown, macros, breadcrumbs, calendar, directorybrowse, entries_index, feedback, flavourdir, include, interpolate_fancy, listplugins, menu, pagetype, preview, seemore, storynum, storytitle, writeback_recent, moreentries)
Valid XHTML 1.0 Strict & CSS
Using runas with explorer

It feels a bit weird to write about windows, but perhaps other people have some use for this.

At Inter-Actief, we normally log in with non-privileged accounts. Every now and then, we (the sysadmins) want to do something with privileges. For this, we use the runas utility, which is included with Windows XP by default. It runs a given command with different privileges (after entering a password, of course).

One of these things is browsing the file system and copying files. In other words, you want to get an explorer window with privileges. Simply running

runas.exe /user:Administrator explorer


Doesn't work. This will notice there is already a running explorer process and let that existing process open a new window instead (which will not have privileges).

Previously, we misused Internet Explorer for accomplishing this. Internet Explorer is really just another face of explorer (But with a different process name), so if you would start a new instance of Internet Explorer and navigate to "C:" instead of an url, you'd get a perfectly usable explorer, running as Administrator.

For example,

runas.exe /user:Administrator "C:\Program Files\Internet Explorer\iexplore.exe C:\"


gets you a fancy new explorer window, but only when using IE6. Internet Explorer 7 dropped all those explorer-like features (which is a good thing, btw), but now this trick doesn't work anymore.

Some googling around gave me Aaron Margosis' blog who describes some trick with setting a "run explorer windows in separate processes"-flag for the Administrator user.

This is all nice and fancy, but I won't be logging into every client here to set that bit, only to do it again (or more annoying, forget it) whenever we reinstall a machine.

Fortunately, badri commented another trick: Use the /separate flag to explorer. This forces explorer to run as a seperate process, ignoring any already running instances. This gives a command line such as:

runas.exe /user:Administrator "explorer.exe /separate,C:\"


Be careful to include the "," there, between /separate and the path. I'm not sure why it is there, but it doesn't work without.

This ended up as bit longer post than I intended, but at least I'm writing again.