Windows – runas when you already are administrator

runaswindows 10

Something escapes me when trying to use runas to elevage privilege. Simple Win10 machine with single user who already has admin rights. I need to write in a specific registry key via script, but I get "access denied" when I try with the reg command directly.

> reg ...
ERROR: Access is denied.

If I try:

> runas /user:Administrator Command
Enter the password for Administrator:
1326: The user name or password is incorrect.

It refuses my user password. I don't think there's a specific administrator password on a local machine, right ? There's no other account.
Trying:

> runas /user:MyUser Command
Enter the password for MyUser:
740: The requested operation requires elevation

So how do I elevate privileges from the command line ?!?
Why can't I see that I have admin rights here:

>runas /showtrustlevels
The following trust levels are available on your system:
0x20000 (Basic User)

EDIT:
Maybe I should be more clear about what I want to do. From a C program I want to make a change to WT_KEY_HKLM, "Software\Microsoft\Windows\CurrentVersion\Run". I could do this directly in XP, but in more recent versions of Windows, it has no effect. And indeed, running "reg" on this key from the command line gives access denied. I don't want to run my program with elevated privileges, so muy idea was to do something like system("runas reg …") where it would ask for the password and make the registry change. But I can't even get the command to work from the command line. Maybe someone can suggest the proper way to do that ?

Best Answer

Replace [user] and [command] with what you are trying to use and give this a try:

powershell.exe -ExecutionPolicy Bypass -command "& {Start-Process powershell.exe -Credential '[user]' -ArgumentList 'Start-Process ""[command]"" -Verb runAs'}"

Pros:

  • It can be used in an unelevated command prompt, the Run window & windows shortcuts
  • It elevates the command only. Elevation is done as part of running the command not executing the PowerShell windows.

Cons:

  • It will always prompt you for your login (there is no way to save credentials as can be done with runas). - this may be a Pro.
  • There will be a UAC prompt if UAC is enabled - this is unavoidable when elevating with UAC.
  • It opens (and closes) 2 PowerShell windows while processing the credentials and elevation
  • Quotes in the command are problematic (or at least get complicated FAST). You will want to place any command that needs quotes in a batch file and run the batch file as the command.

If you want to run this command from a PowerShell prompt it can be shortened to this:

Start-Process powershell.exe -Credential '[user]' -ArgumentList 'Start-Process ""[command]"" -Verb runAs`'

S.