Can I start a program from command line for another logged in user?

No. Windows does not offer the type of user impersonation capability you're asking about here. There's no sudo equivalent, or even approximation in Windows.

I can't find the document or article at the moment, but not allowing sudo-style user impersonation functionality in Windows was a deliberate design decision way back in the earliest days of the NT kernel, and as a result, we're very much stick with it. (There aren't even any clever workarounds or hacks to circumvent it as there usually are - this one's just far too deeply rooted to get around.)

In the Windows world, in order to perform [practically] any action as a user (whether it's running a program, authenticating against AD or anything else), you require an access token, which is used to identify and authenticate the user's access/privileges. This access token is only created when the user's account name and password are supplied (at login, for RunAs, and so on).

The potentially important caveat (for your purposes) is that an existing access token can be duplicated into an impersonation token, which can be passed on to the ImpersonateLoggedOnUser function, which can be used to impersonate the security context of a logged-on user.

Seeing as how you're one of those developer/programmers who might know how to work with the arcane magiks of .NET, this may be useful to you in writing a small application to achieve what you want to do.

However, to be precisely clear, there is no command you can run or process to follow to impersonate a Windows user, short of coding one up (or finding one someone else coded up), and even then, it's limited to users whose access tokens are available (logged on users).


If the users are logged on, you can use something like owexec to launch processes as them. It doesn't require their password. We use it for something very similar to what you describe, except for the Terminal Services part.

You may need to add some scripting to gather all active sessions, then target them each, individually, with the -u option.