Internet Explorer 7 with elevated rights (to run Windows Explorer as admin)
The basic concept is to use RUNAS to start Task Manager, kill the explorer.exe task and restart the explorer.exe process (which would now be started with admin privileges), do the work needed, then kill and restart the explorer process using the original logged-on user.
Here's how to do it. While logged on as a normal user:
1. Start Task Manager using RUNAS. You must do this first, because if you just start Task Manager and perform the steps below, you will not be able to quick the Explorer.exe running with Admin privileges later. Start>Run>Type: runas/user:machine or domain name\administrator taskmgr.exe.
2. Click the Processes tab. Select explorer.exe. Click End Process. Click Yes on the warning pop-up message. The entire desktop will disappear. You will still have any programs that you started including Task Manager.
3. Click the Programs tab. Click New Task. Type: explorer.exe. Click OK.
4. A Console window will appear and prompt you for the password. Minimize Task Manager, type the password and press Enter. The desktop will return, including the task bar, shortcuts, Startup folder items, etc. Perform necessary administrative tasks. For example: clicking Start, Settings and Control Panel will bring up control panel in administrative context.
5. When you're finished, expand the Task Manager window and kill the explorer.exe process. Then restart by choosing the Programs tab. Click New Task. Type: runas /user:machine or domain name\user taskmgr.exe. (Note: You should use the original logged-on user's account to restart the Explorer shell under their own privileges. Do this so the user does not retain the elevated privileges of the admin account from step 3.)
6. Close Task Manager.
It's a lot of steps, but it's the only way I've found to get an Explorer window open with administrative privileges while allowing the user to stay logged on. If anyone has another workaround, let me know.
Note: You cannot just use RUNAS against explorer.exe by default, because it will check to see if a version of Explorer is running and will exit if it detects one. You can work around this by setting the folder option to "Launch folder windows in a separate process." This is a per-user option, off by default, that needs to be set for the target user account.
That is, if you want to use RunAs to start explorer.exe as MyAdminAccount, then MyAdminAccount needs to have the "separate process" option set. Once this flag has been set, you can start explorer.exe with RunAs, or from your admin cmd shell. (I'm sure you can set this via Group Policy, but I've yet to go down that road.)
Note 2: If you're trying to perform a network-related task and still get the same credentials failure message, even when you perform the above steps, you may need to connect to that resource using a mapped network drive that was created using the RUNAS command.
Here's how to do it. While logged on as a normal user:
1. Start Task Manager using RUNAS. You must do this first, because if you just start Task Manager and perform the steps below, you will not be able to quick the Explorer.exe running with Admin privileges later. Start>Run>Type: runas/user:machine or domain name\administrator taskmgr.exe.
2. Click the Processes tab. Select explorer.exe. Click End Process. Click Yes on the warning pop-up message. The entire desktop will disappear. You will still have any programs that you started including Task Manager.
3. Click the Programs tab. Click New Task. Type: explorer.exe. Click OK.
4. A Console window will appear and prompt you for the password. Minimize Task Manager, type the password and press Enter. The desktop will return, including the task bar, shortcuts, Startup folder items, etc. Perform necessary administrative tasks. For example: clicking Start, Settings and Control Panel will bring up control panel in administrative context.
5. When you're finished, expand the Task Manager window and kill the explorer.exe process. Then restart by choosing the Programs tab. Click New Task. Type: runas /user:machine or domain name\user taskmgr.exe. (Note: You should use the original logged-on user's account to restart the Explorer shell under their own privileges. Do this so the user does not retain the elevated privileges of the admin account from step 3.)
6. Close Task Manager.
It's a lot of steps, but it's the only way I've found to get an Explorer window open with administrative privileges while allowing the user to stay logged on. If anyone has another workaround, let me know.
Note: You cannot just use RUNAS against explorer.exe by default, because it will check to see if a version of Explorer is running and will exit if it detects one. You can work around this by setting the folder option to "Launch folder windows in a separate process." This is a per-user option, off by default, that needs to be set for the target user account.
That is, if you want to use RunAs to start explorer.exe as MyAdminAccount, then MyAdminAccount needs to have the "separate process" option set. Once this flag has been set, you can start explorer.exe with RunAs, or from your admin cmd shell. (I'm sure you can set this via Group Policy, but I've yet to go down that road.)
Note 2: If you're trying to perform a network-related task and still get the same credentials failure message, even when you perform the above steps, you may need to connect to that resource using a mapped network drive that was created using the RUNAS command.
Gúrúinn birti þann
08:58
0 Ummæli:
Skrifa ummæli
Gerast áskrifandi að Birta ummæli [Atom]
<< Heim