In an enterprise environment, domain users are generally not given administrator rights on their client PCs, for security reasons.
But occasionally an individual program requires administrator rights to run, such as certain financial programs or professional applications. So how can you let a user run a specified program with the rights it needs, without giving that user administrator rights or the administrator password?
Here are the main approaches:
1, runas command (Microsoft native command):
Usage:
runas /user:user_name Abc.exe
user_name is the account the program should run as, and Abc.exe is the program name; if Abc.exe is not in the System32 directory, you need to give its full path.
Enter runas in CMD to see its help text and usage examples:
RUNAS [/profile] [/env] [/netonly] /user:<UserName> program
/profile   if the user's profile needs to be loaded
/env       to use the current environment instead of the user's
/netonly   use if the credentials specified are for remote access only
/user      <UserName> should be in the form USER@DOMAIN or DOMAIN\USER
program    command line for the EXE. See the examples below
For example:
> runas /profile /user:mymachine\administrator cmd
> runas /profile /env /user:mydomain\admin "mmc %windir%\system32\dsa.msc"
> runas /env /user:user@domain.microsoft.com "notepad \"my file.txt\""
Note: Enter the user's password only when prompted.
Note: USER@DOMAIN is not compatible with /netonly.
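However, runas prompts for the password every time, which is troublesome; to avoid that, add the /savecred parameter to save the credentials.
Example:
runas /user:administrator /savecred "D:\Program Files\anydesk.exe"
You can save the above command as a batch file so that the specified program starts with the administrator account's rights. (Once the password has been entered and saved, the batch file runs directly and no longer asks the user for a password.) Note that the saved credential is not bound to this one program: it stays in the user's credential store and runas /savecred will accept it for that account again, so treat this option as granting the account's rights to the user.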
-----------------------------------
2, lsrunase: this is a third-party program that has to be downloaded. It comes with lsencrypt, which is used to generate the encrypted password string.
Usage:
lsrunase.exe /user:administrator /password:abcdqfmi /domain: /command:"D:\Program Files\anydesk.exe" /runpath:"D:\Program Files"
All the parameters must be present:
user is the account to run as
password is the encrypted password string
domain is either a machine name or a domain name; it can be left blank to mean the local machine
command is the program to run; if it carries arguments, it must be quoted
runpath is the directory the program starts in
Features: it can fully replace runas, and it avoids storing the plaintext password directly in the script.
-----------------------------------
3, CPAU: CPAU is another alternative to runas; it is powerful and can use an encrypted password.
Usage:
cpau -u administrator -p Password -ex notepad -file Start_notepad.txt -enc
cpau -file Start_notepad.txt -dec
The first command encrypts the instruction and saves it to a file; the second loads that file and executes it.
Features: it protects the scripts and commands being executed from being viewed by others, but there are some problems when using network paths.
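The following is an added example, not part of the original article or of any of these tools: a small Python audit that scans batch-file text for the three launchers above and flags lines that depend on a saved, embedded or command-line credential. The sample batch file is constructed from the commands in this article, and the names audit_script and redact are chosen for this example.

```python
import re

# One rule per launcher covered above: (tool, pattern, finding).
RULES = [
    ("runas", re.compile(r"\brunas(?:\.exe)?\b.*?/savecred\b", re.I),
     "relies on a saved credential that is not tied to this one program"),
    ("lsrunase", re.compile(r"\blsrunase(?:\.exe)?\b.*?/password:\S+", re.I),
     "embeds the encrypted password string in the script"),
    ("cpau", re.compile(r"\bcpau(?:\.exe)?\b.*?\s-p\s+\S+", re.I),
     "passes the password itself on the command line"),
    ("cpau", re.compile(r"\bcpau(?:\.exe)?\b(?=.*\s-dec\b).*?\s-file\s+\S+", re.I),
     "runs an encoded job file that contains the credential"),
]
ACCOUNT = re.compile(r"(?:/user:|\s-u\s+)(\S+)", re.I)

def audit_script(text):
    """Return (line_no, tool, account, finding) for each flagged line."""
    findings = []
    for no, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line or line.lower().startswith(("rem ", "::")):
            continue  # skip blank lines and batch comments
        account = ACCOUNT.search(line)
        for tool, pattern, finding in RULES:
            if pattern.search(line):
                findings.append((no, tool, account.group(1) if account else None, finding))
    return findings

def redact(line):
    """Mask secrets so the audit report does not copy them around."""
    line = re.sub(r"(/password:)\S+", r"\1<redacted>", line, flags=re.I)
    return re.sub(r"(\s-p\s+)\S+", r"\1<redacted>", line, flags=re.I)

# Constructed sample batch file, modelled on the commands in this article.
SAMPLE = r'''@echo off
rem start the remote-support tool with admin rights
runas /user:administrator /savecred "D:\Program Files\anydesk.exe"
lsrunase.exe /user:administrator /password:abcdqfmi /domain: /command:"D:\Program Files\anydesk.exe" /runpath:"D:\Program Files"
cpau -u administrator -p Password -ex notepad -file Start_notepad.txt -enc
cpau -file Start_notepad.txt -dec
runas /user:administrator "D:\Program Files\anydesk.exe"
'''

if __name__ == "__main__":
    lines = SAMPLE.splitlines()
    for no, tool, account, finding in audit_script(SAMPLE):
        print(f"line {no}: {tool} (account: {account}): {finding}")
        print("    " + redact(lines[no - 1]))
```

The last sample line, a plain runas call without /savecred, is not flagged because it still prompts for the password.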
runas / CPAU / lsrunase usage summary (running a specified program as administrator)