
Running cmd.exe as Administrator Under a Different Account

If you need to open a Command Prompt or PowerShell prompt with "Run as administrator" under a different account, say a service account, logging directly into servers with that service account is highly discouraged, especially over RDP.

This article explains how to do exactly that for Command Prompt. You may need this when you try to perform certain tasks as a user without "Run as administrator" privileges and are greeted with Access Denied.


The Problem

Sometimes administrators need to run a Command Prompt as a different account and ensure it is truly running with elevated privileges. Even if you are a local administrator, you still need to request the additional security permissions, which is done through the “Run as administrator” option.

Unfortunately, the built-in runas command does not trigger UAC elevation. Even if the target account is in the Administrators group, the resulting session is typically run with a filtered standard token — meaning many administrative commands will still fail with Access Denied.

Why does runas fail?

On Windows systems with UAC enabled, admin accounts have two tokens:

  • Standard token — Used by default for normal applications
  • Elevated token — Only used when a process is explicitly run “as administrator”

When you use runas, the process launches with the standard token, so you never actually get elevation.

The Right Fix — PsExec

The Sysinternals PsExec tool can launch a process under another account and directly request the elevated token:

psexec.exe -i -h -u BEAR\delegate.user cmd.exe

Important: Depending on your security configuration, PsExec itself may need to be run from an already elevated prompt. In newer environments, endpoint protection or application control policies may block PsExec entirely.



Verifying You Really Have Elevation

It’s not always obvious if a Command Prompt is truly elevated, especially when using a different account.
A quick and reliable test is:

net session
  • If it returns:
    There are no entries in the list. (You may also see valid sessions)
    → You have administrative rights in that session.

  • If it returns:
    Access is denied.
    → You do not have elevation or the correct permissions.
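
A scripted version of this check, as an added example that is not from the original post: a PowerShell function (the name Get-ElevationState is hypothetical) that reports which account the prompt runs as, whether its token is elevated, its integrity level, and whether net session succeeds. It assumes the Server service is running, since net session depends on it.

```powershell
# Added example (not from the original post): confirm which account a prompt
# runs as and whether it holds the elevated token. Function name is hypothetical.
function Get-ElevationState {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)

    # With the filtered standard token the Administrators group is deny-only,
    # so this role check is false even for a member of Administrators.
    $elevated = $principal.IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)

    # The mandatory integrity label appears in the group list as an S-1-16-* SID.
    $levels = @{
        'S-1-16-4096'  = 'Low'
        'S-1-16-8192'  = 'Medium (standard token)'
        'S-1-16-12288' = 'High (elevated token)'
        'S-1-16-16384' = 'System'
    }
    $label = whoami /groups /fo csv /nh |
        ConvertFrom-Csv -Header Name, Type, SID, Attributes |
        Where-Object { $_.SID -like 'S-1-16-*' } |
        Select-Object -First 1
    $integrity = if ($label -and $levels.ContainsKey($label.SID)) {
        $levels[$label.SID]
    } else {
        'Unknown'
    }

    # The article's test: net session exits with 0 only when access is granted
    # (assumption: the Server service is running on this machine).
    & net.exe session *> $null
    $netSessionOk = ($LASTEXITCODE -eq 0)

    [pscustomobject]@{
        Account        = $identity.Name
        Elevated       = $elevated
        IntegrityLevel = $integrity
        NetSessionOk   = $netSessionOk
    }
}

$state = Get-ElevationState
$state | Format-List
if (-not $state.Elevated) {
    Write-Warning "$($state.Account) is running with a filtered token."
}
```

Run it inside the prompt you want to verify: a session opened with plain runas should show Elevated as False and a Medium integrity level, while one opened with the PsExec command above should show True and High.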

If you follow these steps, you can safely and securely run administrative Command Prompts under the right account without lowering security standards or generating avoidable alerts.
