Josh's Windows Weblog » Windows Vista Tip: Run as administrator

Windows Vista Tip: Run as administrator

Now that you have begun your Windows Vista testing you may find that you are struggling a bit with performing remote admin operations on your Windows Vista workstation like you used to on Windows XP. In Windows XP right clicking on a shortcut in the start menu and selecting "Run as" would always prompt you for the credentials you wanted to use to perform an operation. In Windows Vista if you are a local administrator on the workstation the default behavior doesn't prompt you for credentials, it presents with what is called a Consent UI. Basically it makes the assumption that since the ID that you are logged in with is an admin on the local workstation that the admin operation that you are about to perform just needs your full token.

This assumption can be false in companies that have adopted the best practice of maintaining a separate ID to perform administrative operations. So even though you are an admin on your workstation your logon account has no real rights to your domain. Here is a quick way to change the behavior of that prompt to revert it to something more like Window XP.

Step 1.) Launch GPedit.msc with administrative rights.

Step 2.) Browse to Windows Settings | Local Policies | Security Options

Step 3.) Scroll down to User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode and double click

Step 4.) Change this value from Prompt for Consent to Prompt for Credentials

This will make every admin operation prompt you for credentials while it is great if you do a lot of remote operations it can become tedious if you are performing a lot of local admin operations. Additionally, if the process you are running requires both local admin and remote admin rights you will need to make sure that your admin account for the remote operation is also an admin on your workstation as well.

Bonus Tip: If your machine is a member of the domain and you are trying to use a local admin account in a credentials prompt you can put .\ in front of the ID and the domain will automatically change your local workstation.

Additional Tips

Posted Dec 01 2006, 06:50 AM by Josh Phillips
Filed under: , ,
Did you enjoy this article? If yes, then subscribe to our RSS 2.0 feed

Comments

Canned tidbits on Exchange server wrote Runas elevated account in Vista
on 01-21-2007 10:23 AM

Ever since I've been running Vista on my primary laptop I could never find out how to get a runas command

Windows is a registered trademark of Microsoft Corporation.
Powered by Community Server (Non-Commercial Edition), by Telligent Systems Themed By nb development