Batch: Run programs as a different user.
Jin -
Hello,
I'm looking to create a batch file that allows me to open several programs at the same time as a different user.
I would like it to prompt me to enter my password (only once) upon opening the batch file, and then open the various programs that I would have listed in it.
Starting from this base (for example) :
runas /user:domaine.fr\p.nom "software path"
Perhaps it's necessary to repeat the command with the different software paths ..?
Do you think this is feasible? Dos or Powershell commands?
Thank you for your investigations! ^^
2 réponses
Hello,
First of all, remember that the RUNAS command cannot elevate (in French that you cannot use an administrator account if you do not have those rights).
You can workaround this by using a third-party utility (ShellRunas, Sysinternals).
In any case, a command must be issued for each software to be launched (and a possible delay between each one, that's another question).
To my knowledge, it's not possible to input the password into a variable that would be defined on demand by SET /P and then used in the RUNAS command, as this is a security feature deliberately built into the command.
Therefore, the password would need to be read from a text file where it is specified using a syntax like
runas /user:localadmin "c:\users\localuser\desktop\control.exe" < password.txt
which is absurd unless the script deletes the file after use, but then there's no point in creating one.
Good evening, if I understood correctly,
You want to open several software applications at the same time as another user using the RunAs function and batch coding?
So simply, one idea that comes to mind.
You are going to create two batch files!
First, you will simply create a batch file that will open all your programs (add or remove lines as needed). This way:
@echo off start "" "C:\Path\To\Program1.exe" start "" "C:\Path\To\Program2.exe" start "" "C:\Path\To\Program3.exe" start "" "C:\Path\To\Program4.exe" start "" "C:\Path\To\Program5.exe" echo --------------------------------------- timeout /t 3 /nobreak >nul exit
You will save this file in batch format giving it a name, for example multifruits.bat, wherever you want; to be neat, you can save it on the desktop of the secret session.
Secondly, you will create a batch file with the RunAs function that will open this batch file as another user! ;)
I found an old batch file that I had written some time ago, yes I know... I like to make it complex, in batch; as soon as I start writing, I can't stop. ^^'
Replace the first two lines without quotes:
Program and User
@echo off set Programme=C:\Path\To\batch\multifruits.bat set Utilisateur=SessionName goto pass :open cls set /a tempo = 0 echo --------------------------------------- echo ----Welcome to the Runas function---- echo --------------------------------------- timeout /t 3 /nobreak :prog cls echo --------------------------------------- echo Please enter the path to the program you wish to open echo Or the execution command shortcut: set Programme=null set /p Programme= if %tempo% geq 1 goto pass :user cls echo --------------------------------------- echo Please enter the username with which you want to log in: set Utilisateur=null set /p Utilisateur= :pass cls echo To open %Programme% echo On your computer as %Utilisateur% runas /profile /user:%Utilisateur% "%Programme%" if %errorlevel% neq 0 goto :error echo --------------------------------------- echo The program launched successfully! echo --------------------------------------- timeout /t 3 /nobreak >nul goto eof :error echo --------------------------------------- echo ------An error occurred!------ echo --------------------------------------- echo Do you want to continue? (yes/no) set Rep=yes set /p Rep= if %Rep%==no goto end set error=------ set quitt=------ set /a tempo = 0 :erratum cls if %tempo%==3 goto bugg set /a tempo = tempo + 1 echo ----------------%error%---------------- echo What do you want to modify? echo ----------------%quitt%---------------- echo 1 The entered program echo 2 The entered user echo 3 The password echo 4 Everything set Chx=null set /p Chx= Your choice: if %Chx%==0 goto end if %Chx%==1 goto prog if %Chx%==2 goto user if %Chx%==3 goto pass if %Chx%==4 goto open set error=error set quitt=0 Exit goto erratum :bugg cls echo -----------------oops!----------------- goto eof :end echo --------------------------------------- :eof echo ------------- See you soon! ------------- echo --------------------------------------- timeout /t 3 /nobreak >nul exit
You just need to save it in batch format and run it as needed. (or of course modify your old batch file ;)
Ps: This is a version of code with systematic password request!
If you want a shortcut with the RunAs function to access without ever having to enter a password again (only once to save it), use the command /savecred
Hello,
First of all, let’s note that the author has not returned for more than a month: we are probably speaking into the void.
Nevertheless, your batch seems questionable to me.
First, I have doubts that the Runas command applied to a batch only changes the user of the command interpreter, not that of the executables being called: why not just write as many Runas sentences as there are executables to launch?
I also, of course, have reservations about potentially saving a password; but the /savecred switch reproduces the previous username by design, the Runas command will always prompt for the password.
Why would we want to iterate 3 times on asking for credentials, isn’t it enough to have a Choice or Set /p that allows entering credentials as many times as we want with the option to restart-exit?
Finally, why define the program and the user at the beginning when we are going to ask the user to specify them later in the script?
Hello @brucine and @zekey_0764
The /savecred function works perfectly (even with a second batch file containing the links to open with "Start")! Usually, it is no longer necessary to enter a password, it is saved.
/Savecred saves the authentication of the session you want to open, so you no longer need to enter a password.
As for the batch code I propose, you are right that 99% of the code is unnecessary, less than 5 lines of code is enough! Let me restate it by incorporating /savecred (Replace the two lines at the beginning without quotes:
Program and User)
@echo off set Program=C:\Path\To\batch\multifruits.bat set User=SessionName runas /savecred /user:%User% "%Program%" exit
Of course, there can be many other ways to do this!! But the simplest way (with only batch language), I started with the first idea of creating two batch files! One containing the links with the 'Start' function, and the other containing the 'RunAs' function! (Create a batch file that simply has the "Start" function which would open several links. And a 'RunAs' batch file to simply open all these links with a specific session identification.)
Of course, we can also write each 'RunAs' statement one by one in a batch file. Even if I find that a bit more tedious! ;) Especially if there are many links.
The /savecred function should be removed if you wish to enter a unique password each time to launch all the programs contained in the second batch file! Otherwise, the session and password will be saved! ;)
Ps: If there are many links in the batch file containing all the links to be opened simultaneously, we can put a small delay between each link to open, if the computer struggles...! I deliberately added the timer command 'timeout /t 3 /nobreak >nul' in the code containing the links; just add it between each link, adjusting the value of /t as needed.
Hello,
If that is the case, there is nothing stopping you from coming back to ask for clarification...
I don't really see the point of the double batch as it is recommended; a single one is enough, but to each their own.
I would do as I have outlined, as many Runas lines as there are programs to launch (timing with timeout or whatever if it is necessary that one is properly launched before the next), and Runas substituting Start, but it is likely, as mentioned, that Runas saves the username but continues to ask for the password at each execution: that's why the only solution is, as suggested in <1>, to read it from a text file, but that is not very secure.