No announcement yet.

Windows XP - RUNAS (Secondary Logon Service)

  • Filter
  • Time
  • Show
Clear All
new posts

  • Windows XP - RUNAS (Secondary Logon Service)

    Hi,I am currently setting up new security measures. One of which is to seperate user and administration accounts and use the Run As feature to elevate permissions according to task required.I have created a second account for admins (which is a copy of original account) and removed permissions from the original account etc. I have an issue with the runas service where, I am unable to view the results of a Volume Shadow Copy even when Windows Explorer has been elevated to admin account level. I have even logged onto the PC as the admin account and tried that and it WORKS fine, but not when using runas? Anyone got any ideas....I am at a loss...!(error received is as follows; The folder \\[folder location] does not exist.ThanksAlan

  • #2
    Re: Windows XP - RUNAS (Secondary Logon Service)

    I don't know about the volume copy, but it maybe that just because you've elevated explorer.exe may not pass on the privileges to the subsequent volume shadow copy service.

    what you can try is elevate the command prompt to the local admin like:

    runas /noprofile /user:[email protected] "cmd.exe"

    this will give you a command prompt with elevated privileges and then try running something like vssadmin.exe and see if you can the results you need.

    I've never tried this with VS, but i've done the command prompt trick for mmc files, domain scripts, etc..


    • #3
      Re: Windows XP - RUNAS (Secondary Logon Service)

      Originally posted by roguecoolman View Post
      runas /noprofile /user:[email protected] "cmd.exe"
      I suspect
      was meant to read

      In any case, launching programs from an elevated command prompt will run those programs as the elevated user too.
      Gareth Howells

      BSc (Hons), MBCS, MCP, MCDST, ICCE

      Any advice is given in good faith and without warranty.

      Please give reputation points if somebody has helped you.

      "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

      "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.


      • #4
        Re: Windows XP - RUNAS (Secondary Logon Service)

        oops my bad. Yes the "\"


        • #5
          Re: Windows XP - RUNAS (Secondary Logon Service)

          Thanks for your posts!
          I have already tried what you have suggested by creating a batch file with the following contents;
          runas /user:[domain]\[username] "%windir%\explorer.exe"
          I then try to browse to the location, right click on the folder, choose the previous versions tab....and then get the error as indicated in the original thread.
          I can't see it being a permissions issue as if the user logs directly onto the pc using their secondary account (admin account) and try that process it works fine.
          Something else to throw into the equation is another user who I have setup in the same way works just fine!
          I am getting a real headache on this one....


          • #6
            Re: Windows XP - RUNAS (Secondary Logon Service)

            instead of using explorer, what about running vssadmin to see your results from an elevated command prompt?

            quick question, you are using an XP client to browse to a network location where the volume shadow copies are stored? Are you running a domain model or workgroup? If you are running a domain model, have you tried elevating to the domain admin and not just local box admin?


            • #7
              Re: Windows XP - RUNAS (Secondary Logon Service)

              It is a domain model. The account we are elevating as, has rights to the domain that should enable the work to be completed (we proved this by logging on directly as that elevated user and it worked)
              Rather then UNC'ing to the path of the file that we want to view previous versions of, we mapped a drive with alternate credentials and this worked!! Its a workaround, but still frustrating that it will not work within an elevated Explorer window.
              I am sure there will be more issues like this, as I roll out to all admins!! Does anyone have any known issues or best practices with runas options etc?

              Thanks for your help so far!