I am using psexec.exe to run programs in a different security context. However, the programs start but do not seem to be running in the specified security context.
In its minimal form:
psexec -u wsadmin -p password cmd
This starts a new cmd window. If I type whoami in that window:
C:\Windows\system32>whoami
win-k1r7g38nlkt\wsadmin
C:\Windows\system32>net localgroup administrators
Alias name administrators
Comment Administrators have complete and unrestricted access to the computer/domain
Members
-------------------------------------------------------------------------------
Administrator
wsadmin
The command completed successfully.
As you can see, I am definitely the other user. And I can confirm that this user is a member of the "Administrators" group.
C:\Windows\system32>mkdir test
Access is denied.
If I use runas with the specified user, it works as it is supposed to. But I need to supply the password on the command line.
Best Answer
On Windows Vista and later, if UAC is enabled, a process launched by psexec -- even when run from an administrator account -- must have its elevate token set in order to get full privileges. This can be done by passing the -h attribute in the psexec command line. So, you would change your command to:
For more info, run psexec /?:
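The symptom in the question (whoami and net localgroup show an administrator, yet mkdir fails) is what a UAC-filtered token looks like. As an added example, not part of the original answer, this Python sketch classifies `whoami /groups /fo csv` output by SID; the function name, return labels and sample rows are constructed here, and English attribute text is assumed.

```python
import csv
import io

ADMINS_SID = "S-1-5-32-544"   # BUILTIN\Administrators
LABEL_PREFIX = "S-1-16-"      # mandatory integrity label SIDs
HIGH_RID = 12288              # S-1-16-12288 = High Mandatory Level

# Constructed samples of `whoami /groups /fo csv` output (not captured from a real host).
FILTERED = r'''"Group Name","Type","SID","Attributes"
"Everyone","Well-known group","S-1-1-0","Mandatory group, Enabled by default, Enabled group"
"BUILTIN\Administrators","Alias","S-1-5-32-544","Group used for deny only"
"Mandatory Label\Medium Mandatory Level","Label","S-1-16-8192",""
'''
ELEVATED = r'''"Group Name","Type","SID","Attributes"
"Everyone","Well-known group","S-1-1-0","Mandatory group, Enabled by default, Enabled group"
"BUILTIN\Administrators","Alias","S-1-5-32-544","Mandatory group, Enabled by default, Enabled group, Group owner"
"Mandatory Label\High Mandatory Level","Label","S-1-16-12288",""
'''


def classify_token(whoami_csv):
    """Return 'not-admin', 'filtered' or 'elevated' for one token's group list."""
    admin_attrs = None      # attribute text of the Administrators row, if present
    integrity_rid = None    # last sub-authority of the integrity label SID
    for row in csv.DictReader(io.StringIO(whoami_csv.strip())):
        sid = row["SID"]
        if sid == ADMINS_SID:
            admin_attrs = row["Attributes"].lower()
        elif sid.startswith(LABEL_PREFIX):
            integrity_rid = int(sid.rsplit("-", 1)[1])
    if admin_attrs is None:
        return "not-admin"
    # A filtered token keeps the Administrators SID for deny checks only and
    # runs below high integrity, so admin-only ACLs (e.g. on system32) refuse it.
    below_high = integrity_rid is not None and integrity_rid < HIGH_RID
    if "deny only" in admin_attrs or below_high:
        return "filtered"
    return "elevated"


if __name__ == "__main__":
    for name, sample in (("filtered sample", FILTERED), ("elevated sample", ELEVATED)):
        print(name, "->", classify_token(sample))
```

Unlike net localgroup, which lists account membership, `whoami /groups` reports the groups in the running process's token, which is why it separates the two cases.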