Steel Run As solves a problem that every Windows administrator faces sooner or later. It allows you to let standard users run a specific program with administrator privileges. This works in login scripts, in Windows domains or on standalone workstations. Important is that the user doesn't have to know the administrator's password, like with the Windows runas command. Best of all is that Steel Run As is very easy to set up.
Latest posts by Michael Pietroforte (see all)
- Author and member of the year 2019 – Why DevOps still doesn't rule the IT world - Wed, Jan 1 2020
- Results of the 4sysops member and author competition in 2018 - Tue, Jan 8 2019
- Why Microsoft is using Windows customers as guinea pigs - Reply to Tim Warner - Tue, Dec 18 2018
When I first heard that Microsoft was going to introduce UAC in Windows, I thought it would be something similar to sudo in Linux. Unfortunately, UAC is no match at all for sudo. The feature I miss most is the ability to allow certain end users to manage specific operating system features that require administrator rights.
A typical example are the TCP/IP settings. Laptop users sometimes have to change their IP address themselves because some hotels don' t use DHCP. The problem is that changing the network settings requires admin rights. Of course, you could just add the user to the administrators' group; but this is something that responsible administrators try to avoid at all costs.
Steel Run As is not really comparable to sudo, but it can help you with similar problems. The tool has a simple GUI in which you have to configure the credentials of the administrator account, the command to execute and the working directory. Don't forget the latter setting under Windows Vista. It seems one has to browse to the command; typing the path doesn’t work.
Steel Run As creates an executable that the user has to run. This program then launches the program that has to be executed with administrator rights. Note that the Steel Run As executable doesn't contain the program that you want to run with admin privileges. This means that you also have to make sure that both the program and the Steel Run AS exe are available on the user's computer. Steel Run As uses a cyclic redundancy check (CRC) to verify that the program hasn't been altered. You don't have to install Steel Run As itself on the user's computer, though.
Also note that if UAC is enabled, you have to make sure that the program is elevated. Steel Run As doesn't do that for you. Please check out my article about UAC elevation for more information about this issue. On Windows XP machines, you don't to have to deal with this problem.
In one of my next posts I will show you how you can use Steel Run As to allow standard users to change the TCP/IP settings. You can take this as an example of how to use Steel Run As with batch scripts.
If you are an experienced admin you probably have found other workarounds for this Windows shortcoming. I am curious to know how you solved this problem.
Warning: Be careful with programs that allow user to open files. Users can open other programs with admin privileges this way. See comment below.
Update: Please, also check out my new article about RUNASSPC and CPAU, two comparable tools.