How to launch Windows Explorer with the privileges of a different domain user?

32

15

My Windows 7 computer is connected to a Windows network at the workplace. There are two domains in use on this network, EMPLOYEES and TESTERS. I have logins on both domains, for example EMPLOYEES\Joe and TESTERS\TestJoe.

If I am logged into a computer as EMPLOYEES\Joe, how do I launch a Windows Explorer instance with the privileges of TESTERS\TestJoe? Note that I can switch user and login as TESTERS\TestJoe on this computer without any problem.

I have tried the suggestions given in this post, and they do not work.

Ashwin Nanjappa

Posted 2011-05-31T11:07:03.017

Reputation: 8 705

Some clarification on what you're trying to accomplish with this might help you get an answer faster. Are you trying to get access to network shares? – Paxxi – 2011-05-31T11:28:52.587

Par Bjorklund: Yes, network shares is my prime concern. – Ashwin Nanjappa – 2011-05-31T13:07:58.283

Answers

20

You don't need to run explorer.exe as a different user just to connect to a network share with different credentials.

In an explorer window you can click on "Map network drive", fill in the path and and make sure to check "Connect using different credentials". When you click the finish button you will get prompted for the credentials you want to use to connect the current share.

You can also accomplish this with the net command on the command line.

net use x: \\server\share /user:testuser@example.com password

Paxxi

Posted 2011-05-31T11:07:03.017

Reputation: 6 952

16

It seems that Windows actively resists the ability to launch Explorer as a different user. I resolved this issue on my Windows 7 system by doing the following:

  1. take ownership of reg key HK_CLASSES_ROOT\AppID\{CDCBCFCA-3CDC-436f-A4E2-0E02075250C2}, and grant yourself Full Control. This key controls how Explorer is allowed to launch
  2. rename the subkey from runas to _runas. If you receive an error doing this, then you probably didn't complete step one correctly

Once this is changed, you can launch Explorer with a different set of credentials via the runas command or with the freeware tool CPAU from Joeware.

From command prompt, you can then launch Explorer:

  • with runas
    • runas /user:domain\username "c:\windows\explorer.exe /separate"
    • followed by completing the password prompt.
  • with cpau
    • cpau.exe /u domain\username /p password /ex "E:\Windows\explorer.exe /separate"

Note:

  • You have to use the Explorer option /separate to force Explorer to launch as a separate process. see also
  • The advantage of using cpau over runas is that with cpau, you can specify username and password in the command prompt.
  • Other than using cpau for my own use, I am not affiliated with Joeware.

Ro Yo Mi

Posted 2011-05-31T11:07:03.017

Reputation: 347

When you run as the other user, it will run as a separate program. You do not need Explorer’s /separate option because that will launch an isolated copy of Explorer that won’t share with others. If you want a second Explorer window you need to rerun the command line step as you did the first. – Rich Shealer – 2014-11-19T03:16:51.280

I encountered problems when not using the /separate option. Essentially when the option was omitted executable launched from the separate explorer window received credentials for the currently logged in user, not the credentials of the user who launched the explorer window. – Ro Yo Mi – 2014-11-21T00:03:19.183

Not sure why it doesn't work for you. When I do it in Win 7, it shows in task manager as a separate process and anything I launched shows the user as Admin. – Rich Shealer – 2014-11-21T16:23:46.227

Probably because there are heightened security restrictions on our domain. – Ro Yo Mi – 2014-11-28T23:07:17.430

You many need to take ownership of the RegKey in step#1 before you can take full control (that was necessary in my case). – Bitfiddler – 2018-05-10T20:38:05.413

Take ownership, yes. Getting ownership confused me, this application gave me access: https://winaero.com/download.php?view.57 Alternatively you could try this guide: https://www.groovypost.com/howto/take-full-permissions-control-edit-protected-registry-keys/

– briantyler – 2018-09-05T10:49:43.733

There is one more important step that was required for this to work for me - changed HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SeparateProcess from 0 to 1 – Coruscate5 – 2019-02-04T17:44:30.547

On Windows 10, Joeware's CPAU worked fine, while your RunAs suggestion failed, although system was configured to allow separate Explorer.exe processes. – Julio Nobre – 2019-11-22T21:50:12.187

14

  • Go to the Start button;
  • Type in Explorer;
  • Shift Right-Click "Windows Explorer";
  • Run as different user.

That user will also need privileges to access the file system on the local machine, and perform any futher operations you'd like to execute.

Matt

Posted 2011-05-31T11:07:03.017

Reputation: 157

8This method has never worked for me. It certainly appears to work in that an Explorer window is launched, but the attentive user will quickly notice the new instance of Explorer most certainly does not have access to files to which only the Administrator account can access. – I say Reinstate Monica – 2016-06-28T14:14:08.817

@IsayReinstateMonica It's always worked for me. If you are trying to access files that only the Administrator account can access, make sure you're typing in the Administrator credentials and not just credentials of an account with admin rights. – TylerH – 2019-11-19T16:42:21.727

While @Matt has the process right, @Pär Björklund is correct when it comes to network shares. You can connect using someone else's credentials. If that is all you need, I would go with that answer. – Doltknuckle – 2011-05-31T18:52:42.490

7

This works for Windows 7, 8.0, 8.1 and 10

  1. Start the Registry Editor as an Administrative User.
  2. Navigate to, take ownership of, and grant yourself Full Control permission to the key HKEY_CLASSES_ROOT\AppID\{CDCBCFCA-3CDC-436f-A4E2-0E02075250C2}
  3. Rename the value RunAs to _RunAs.
  4. Close Regedit.
  5. Create a shortcut on the Desktop to C:\Windows\Explorer.exe
  6. Right-click the shortcut and choose Run as administrator. This will open Explorer in the security context of the Administrator.

digitally_inspired

Posted 2011-05-31T11:07:03.017

Reputation: 97

0

Open Task Manager and End Task on explorer.exe

From File use 'Run New Task'

In the Run window type: runas /user:domain\username explorer.exe

When you press enter a CMD window should open prompting for the password of the elevated user.

Once entered you can confirm what user is running the Explorer.exe in Task Manager

Ball.Nathan.w

Posted 2011-05-31T11:07:03.017

Reputation: 1

2

You posted exactly the same answer here. Please don't do that. If the questions are different, please adapt your answer to each question instead of posting exactly the same answer. If the questions are the same, only answer one of them and flag the other one as a duplicate (I understand you don't have enough reputation to flag, but since that's the case, just post an answer to one of them and hope someone else will flag it as a duplicate).

– Donald Duck – 2018-01-18T20:07:55.293

0

Here is command line batch script if somebody needs one click solution. You'll need to put SubInACL.exe in the folder with script (get it here from Microsoft).

@echo off
Setlocal EnableDelayedExpansion
:check_admin
NET FILE 1>NUL 2>NUL
IF ERRORLEVEL 1 (
    cls
    echo Starting as admin ...
    powershell "saps -filepath %0 -verb runas" >nul 2>&1
    exit
)
cls

:set_privileges
rem Enable explorer to run privileged, src: https://superuser.com/a/591082/145585

echo Setting permissions ...
rem change owner to Administrators
rem should report: Done:        1, Modified        1, Failed        0, Syntax errors        0
%~dp0subinacl.exe /noverbose /statistic /subkeyreg "HKEY_CLASSES_ROOT\AppID\{CDCBCFCA-3CDC-436f-A4E2-0E02075250C2}" /setowner=administrators >nul 2>nul

rem give Administrators full permission
rem should report: Done:        1, Modified        1, Failed        0, Syntax errors        0
%~dp0subinacl.exe /noverbose /statistic /subkeyreg "HKEY_CLASSES_ROOT\AppID\{CDCBCFCA-3CDC-436f-A4E2-0E02075250C2}" /grant=administrators=f >nul 2>nul

echo Rename registry entry ...
powershell -ExecutionPolicy Bypass -Command "Rename-ItemProperty -Path 'Registry::HKEY_CLASSES_ROOT\AppID\{CDCBCFCA-3CDC-436f-A4E2-0E02075250C2}' -Name 'RunAs' -NewName '_Runas' -ErrorAction SilentlyContinue"

:run_explorer
echo Starting explorer ...
start "" /MAX "c:\windows\explorer.exe" "%~dp0"

Stritof

Posted 2011-05-31T11:07:03.017

Reputation: 160

-1

shift and right click the .exe to see the option in question or from CLI runas /user:"domain\username" "whatever"

user762749

Posted 2011-05-31T11:07:03.017

Reputation: 1

>

  • answer already given, and 2) it doesn't work, see other answers.
  • < – xenoid – 2017-08-18T20:46:34.067