How to run a command as administrator on Windows7 from a command line?

I need to run tscon.exe 0 /dest:console remotely = not manually on Windows7 as an administrator. More info here How to use tscon on Windows7?

I did my research and

  • OPTION 1 - runas

for user root (no password) on computer yogurt works

C:\>runas /user:yogurt\root cmd
Enter the password for yogurt\root:
Attempting to start cmd as user "yogurt\root" ...

for user administrator (I thought the password is blank too) on computer yogurt doesn't work. I am asked for a password, hit Enter and

C:\>runas /user:yogurt\administrator cmd
Enter the password for yogurt\administrator:
Attempting to start cmd as user "yogurt\administrator" ...
RUNAS ERROR: Unable to run - cmd
1327: Logon failure: user account restriction. Possible reasons are blank passwords not allowed, logon hour restrictions, or a policy restriction has been enforced.

  • OPTION 2 - setting properties of a batch file so it always runs as administrator. The 'privilege level' section is greyed out for me under Compatibility level. So I am not able to tick the check box Run this program as an administrator.

Solution 1:

You may find that the local Administrator account is in fact disabled. Take a look in the Local Users and Groups in Computer Management.

Regardless of that, I wouldn't recommend enabling the account, especially if it really does have a blank password.

Running a program 'as Administrator' (as in on the right-click menu) and doing a RunAs Administrator are not the same thing:

  • Running a program 'as Administrator' means that the program still runs under the context of your user account (i.e. the person invoking the program) but using a modified access token that includes membership of the Administrators group. A process started in this way would show as being owned by you in Task Manager.

  • Using RunAs with the Administrator account really does try to invoke the program under the Administrator account. A process started in this way would show as being owned by Administrator in the Task Manager.

EDIT: Although the above is relevant, I think the real problem might be to do with something called Session 0 Isolation which started with Windows Vista/Server 2008.
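
A way to see the distinction described in Solution 1 on a given machine, as an added PowerShell example that is not part of the original answer. It only reads the current process token and the local account list; the variable names are illustrative.

```powershell
# Added diagnostic sketch; compatible with the PowerShell 2.0 shipped with Windows 7.

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator

# True only when the Administrators group is enabled in this process's token,
# i.e. the process was started elevated ("Run as administrator").
$elevated = $principal.IsInRole($adminRole)

# The built-in Administrator account always has a SID ending in -500,
# whatever it has been renamed to. The filter keeps the query to local accounts.
$builtin = Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True" |
    Where-Object { $_.SID -like 'S-1-5-21-*-500' }

# Is this process actually owned by the built-in Administrator account?
$runningAsBuiltin = ($identity.User.Value -eq $builtin.SID)

"Process owner      : $($identity.Name)"
"Elevated token     : $elevated"
"Built-in admin     : $($builtin.Name) (disabled: $($builtin.Disabled))"
"Running as built-in: $runningAsBuiltin"

if ($runningAsBuiltin) {
    "-> RunAs case: the process is owned by the built-in Administrator account."
} elseif ($elevated) {
    "-> Elevated token: the process is still owned by $($identity.Name)."
} else {
    "-> Not elevated: Administrators membership is not active in this token."
}
```

Run it once from a normal prompt and once from a prompt started with 'Run as administrator': the process owner stays the same and only the elevated-token line changes.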

Solution 2:

Sysinternals PSExec could do it?

psexec \\computer01 -u "domain\user" -p "password" -s cmd.exe

After the -u, instead of Domain\User you can try Computer01\LocalAdministrativeUser.

But really it depends on the local configuration of the remote machine. If you don't already have local administrator accounts on there then you are going to have to create those first.

This will launch a new CMD.EXE running as "nt authority\system" on the remote machine, which is as close to session 0 as you can get these days. Anything you now run in that window is running on the remote machine. Try running IPCONFIG and/or HOSTNAME if you are unsure.

Careful. Running at this level allows you to really really break stuff.