RunAs netonly with credentials saved

I can start a process with runas /netonly and runas /savecred but I can't use both the flags at the same time.

Is there a way to run a process as a different user remotely without having to type the password every time?


Solution 1:

I'm afraid this is an unsupported option you can provide either /netonly or /savecred but not both:

runas [{/profile | /noprofile}] [/env] [{/netonly | /savecred}] [/smartcard] [/showtrustlevels] [/trustlevel] /user: " "

more info: https://technet.microsoft.com/en-us/library/cc771525.aspx

Solution 2:

In the other answer here Jason rightly notes that runas /netonly does not support saving the credentials, and Microsoft intentionally made it hard to use runas with a hard-coded password (from a batch script).

The suggestion to use the Windows Credential Manager that Stefano pointed to in their comment is useful when you want to always connect to the given service (i.e. myserver.mycompany.com:XXX) using the specified credentials.

For a command-line solution, with behavior similar to runas.exe, but without having to type the password, I found the RunAs powershell module (which seems to implement this advice) very useful:

  1. Install from PowerShell Gallery by running the following in an elevated PowerShell prompt (requires Powershell v5 or Windows 10):

    Install-Module RunAs
    
  2. Encrypt the password by running:

    # change `domain\username` as needed:
    ConvertFrom-SecureString (Get-Credential 'domain\username').Password
    

    This will prompt you for the login and the password and print a long hexadecimal number, which you'll have to copy.

  3. Now you can do the equivalent of runas /netonly using:

    Import-Module RunAs
    
    # replace xxxx below with the encrypted password from step 2 (and `domain\username` too)
    # you might want to put this into your profile: https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_profiles?view=powershell-7
    $mycreds = New-Object Management.Automation.PSCredential('domain\username', (ConvertTo-SecureString 'xxxx'))
    
    runas -netonly $mycreds "c:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE"
    

P.S. many resources on the net suggest using psexec to run as a different user. After looking up how that works under the hood, I don't believe it to be a viable alternative to runas /netonly