Wednesday, March 7, 2012

Runas

'Runas' allows a user to run specific tools and programs with different permissions than the user's current logon provides.

Scenario:
You're happily busy supporting a client ‘contoso’ from a remote location, using a local VM that mimics most of their environment along with an active VPN connection, so that you can make the required network calls to the backend system while actively debugging.

This works fine in most cases, for example interfacing with contoso's TFS, SQL, etc.
However, I was faced with a bit of a predicament where the VM in question was not on contoso’s domain, so the instance of VS was running under the local admin account and not my contoso AD account. This resulted in the one call going via a COM+ proxy to use my local creds, even though it's set to impersonate user X. After a LONG struggle of trying to jump through one hoop after the other, I found myself running face first into one wall after the other, till I found this handy little parameter for the runas command… /netonly, indicating that the user information specified is for remote access only, and in so doing I could open VS and continue solving the issue at hand. :)

Happy coding

Syntax:
runas [{/profile|/noprofile}]
[/env]
[/netonly]
[/smartcard]
[/showtrustlevels]
[/trustlevel]
/user:UserAccountName program
Example:
runas /netonly /user:contoso\petri.malherbe "C:\Program Files (x86)\...\IDE\devenv.exe"

Parameters:

/profile
Loads the user's profile. /profile is the default.
/noprofile
Specifies that the user's profile is not to be loaded. This allows the application to load more quickly, but it can also cause a malfunction in some applications.
/env
Specifies that the current network environment be used instead of the user's local environment.
/netonly
Indicates that the user information specified is for remote access only.
/smartcard
Indicates whether the credentials are to be supplied from a smartcard.
/showtrustlevels
Lists the /trustlevel options.
/trustlevel
Specifies the level of authorization at which the application is to run. Use /showtrustlevels to see the trust levels available.
/user:UserAccountName
Specifies the name of the user account under which to run the program. The user account format should be user@domain or Domain\User.
program
Specifies the program or command to run using the account specified in /user.
/?
Displays help at the command prompt.
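
Because /netonly applies the supplied credentials only to remote connections, the process still runs locally as the logged-on account, and Windows records the session in Security event 4624 with logon type 9 (NewCredentials). The PowerShell below is an added example, not part of the original post, that picks those records out of event XML. The function name Get-NetOnlyLogon and the sample event (host DEVVM, local user Administrator) are constructed for illustration.

```powershell
# Added example (not from the original post): report Security event 4624
# records with LogonType 9 (NewCredentials), the logon "runas /netonly" creates.
function Get-NetOnlyLogon {
    param([Parameter(Mandatory, ValueFromPipeline)][string]$EventXml)
    process {
        $root = ([xml]$EventXml).DocumentElement
        if ($root['System']['EventID'].InnerText -ne '4624') { return }

        # Flatten <Data Name="...">value</Data> into a lookup table.
        $data = @{}
        foreach ($d in $root['EventData'].ChildNodes) {
            $data[$d.GetAttribute('Name')] = $d.InnerText
        }
        if ($data['LogonType'] -ne '9') { return }

        # The TargetOutbound* fields are missing on older Windows versions.
        $net = if ($data['TargetOutboundUserName']) {
            '{0}\{1}' -f $data['TargetOutboundDomainName'], $data['TargetOutboundUserName']
        } else { 'n/a' }

        [pscustomobject]@{
            LocalUser    = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
            NetworkUser  = $net   # credentials used for remote access only
            LogonProcess = "$($data['LogonProcessName'])".Trim()
        }
    }
}

# Constructed sample record, trimmed to the fields used above.
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4624</EventID></System>
  <EventData>
    <Data Name="TargetUserName">Administrator</Data>
    <Data Name="TargetDomainName">DEVVM</Data>
    <Data Name="LogonType">9</Data>
    <Data Name="LogonProcessName">seclogo</Data>
    <Data Name="TargetOutboundUserName">petri.malherbe</Data>
    <Data Name="TargetOutboundDomainName">contoso</Data>
  </EventData>
</Event>
'@
$sample | Get-NetOnlyLogon

# Live use from an elevated prompt:
# Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4624} -MaxEvents 500 |
#     ForEach-Object { $_.ToXml() } | Get-NetOnlyLogon
```

In the output, LocalUser is the account the program actually runs as on the VM, while NetworkUser is the identity remote systems see.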


Microsoft Remarks:
It is good practice for administrators to use an account with restrictive permissions to perform routine, nonadministrative tasks, and to use an account with broader permissions only when performing specific administrative tasks. To accomplish this without logging off and back on, log on with a regular user account, and then use the runas command to run the tools that require the broader permissions.
