Several days ago, I blogged about the free tool Steel Run As. It allows standard users to run a program with administrator rights. Since then, I came across two other tools that serve the same purpose. One is the free command line tool CPAU, recommended by Andrew in my earlier post. The other is RUNASSPC (RUNAS + PASSWORD + ENCRYPTION) which is only free for personal use. Prices range between 20 and 200 Euros, depending on the number of computers you have in your network. While playing with RUNASSPC, I learned something new about Steel Run As, which simplifies its usage under Vista if UAC is enabled.

I assumed that it is necessary to avoid a UAC prompt if someone with standard user rights runs a program that requires admin rights. For this reason, I included the elevate command in the batch script, in my example that allows standard users to change the TCP/IP settings.

Steel-Run-As-elevate However, it is also possible to elevate the batch script by using the Powertoys elevate tool as the command to execute, and the patch script as parameter (see screenshot). This will trigger a UAC prompt, but the user doesn't require the administrator password to proceed (usually the case if someone with standard rights launches a program that needs admin privileges). This works with Steel Run As and RUNASSPC. I also tried it with CPAU, but its password encoding feature doesn't seem to work properly in Vista.

Note: Only the checksum of the elevate command will be verified; you have to make sure that end users don't have the right to modify the batch script. Anyone who can edit the file will be able to execute any program with administrator rights.

RUNASSPC and Steel Run AS are quite similar tools. The difference is that RUNASSPC creates an encrypted, not executable, file which contains the administrator password. To let a standard user run a program with admin rights, you must start the program on the command prompt, using the encrypted file as parameter. You can create a shortcut if you want to launch the program from the desktop.

runasspcadmin RUNASSPC has a few more options than Steel Run As, such as logon with and without profile (see screenshot). I am unsure if this justifies its price. CPAU offers even more options. However, beside the fact that it has problems with Vista, its disadvantage is that the author admits that CPAU's proprietary encoding algorithm might not be secure. RUNASSPC, on the other hand, uses the Rijndaels AES 256 Bit encryption method, which should be secure enough. I also contacted Steelsonic, the publisher of Steel Run As, to find out how their tool secures the password—unfortunately, they didn't respond. Hence, RUNASSPC may be the best choice; at least you know the admin password is safe.

Subscribe to 4sysops newsletter!

I only recommend using these tools if there is no other way to get the job done. Even if the tool of your choice is secure, storing the administrator password in a file is always risky. Making a mistake might compromise your whole network. One way to lower the risk is to use an account that has just enough privileges for the task.

  1. Andrew P 14 years ago
  2. Andrew, thanks. Looks interesting.

  3. erez 14 years ago


    about RunasSpc – I had a security analyst check the software and he found it uses a simple substitution ciper not aes or anything special.
    I also did not see any mention of what security they use.

    As a result I will probably opt for:
    Encrypted Runas

  4. Thanks for the tip!

  5. Senthil 14 years ago

    Hi There,

    I came across this review about Run-As while surfing the net casually. I would like to add up that Steel Run-As uses RC4 encryption with PRG (pseudo random seed) for encrypting the authentication parameters in the executable.

    Thanks and regards,

  6. Andrew P 14 years ago

    Regarding the solution I mentioned,, they rarely answer requests for support after you’ve purchased the product, very frustrating!

  7. m5 14 years ago

    It doesn’t matter what type of encryption is used, any half-intelligent hacker can extract the password anyway. So
    they should all change “secure” to “obfuscated”.

  8. joel franco 13 years ago

    Thank you by your work to publish this information.

    I remember of one tool that it itself run as administrator and all the user environment was under your control, and the user had user rights. Then, when an application needed to run under administrator priveleges, the tool could be configured to run it.

    I’m at this moment looking for it.


  9. norbert 13 years ago

    hi, we have download steel run as and see, that we can do any installation. but after a while, the program is NOT FOR FREE – !

  10. Wilson 13 years ago

    Here is what I’ve done to add RunasSPC as a (right click) .exe ext handler – works perfectly
    I placed the EXE file in the “PATH” \windows\system32 directory

    Windows Registry Editor Version 5.00


    @=”runasspc.exe /program:\”%1\” /domain:\”localhost\” /user:\”administrator\” /password:\”\” /quiet”

    Also it works in application Properties – “Target” shortcut

    C:\WINDOWS\system32\runasspc.exe /program:”<Path to Program.exe" /domain:"localhost" /user:"administrator" /password:"<administrator password here" /quiet

  11. Asam 12 years ago

    runasspc is really a great simple solution, free
    and is running on Windows 7

    thanks a lot

  12. Mick 10 years ago

    These types of programs do *not* protect the credentials used, because they must ultimately call the Windows API and pass the decrypted credentials. Non-admin users can easily capture this information:

  13. Bruno B 9 years ago

    Thanks for the Useful post. Not freeware though.. good tool for a 15$ bargain…

Leave a reply

Please enclose code in pre tags

Your email address will not be published.


© 4sysops 2006 - 2023


Please ask IT administration questions in the forums. Any other messages are welcome.


Log in with your credentials


Forgot your details?

Create Account