Encrypted_Runas_001

8/7/2019 Encrypted_Runas_001

1/18

Encrypted Runas

DTII / Ch. BernerDate 21.11.2007


2/18

Ch. Berner Encrypted Runas 04.12.2007DTII Version 001

Encrypted_Runas_001.doc 2/ 18

Contents

1. Encrypted Runas Shortcut............................................................................................................ 3

1.1. Create an Application Account...................................................................................................... 31.2. Installation of Encrypted Runas Tool .......................................................................................... 10

1.3. Register Encrypted Runas.......................................................................................................... 13

1.4. Create a Encrypted Runas Icon.................................................................................................. 15


3/18



1. Encrypted Runas Shortcut

Working in a corporate establishment it soon becomes apparent that some software will not run

without adding the domain user to the local Administrator account, this is not an ideal situation.

Encrypted RunAs Shortcuts allows only the required rights to be given to the program to run andnot the whole computer.

Microsoft provides a command line utility called runas, this command allows programs to be runwith other user credentials. The problem with Microsoft runas is that the password needs to betyped each time it is run, therefore it is not ideal for scripting or use in a corporate environment.

Encrypted RunAs gets round this problem by creating encrypted shortcuts to programs that needs

to be run with different user credentials, so the password does not need to be given to the user.ERunAs uses >128 bit encryption for the shortcuts, the password is encrypted twice usinginformation located on the computer/domain.

1.1. Create an Application Account

Create a new Account in the OU U_Admin of your Site


4/18



This is just an example. Depending from the Site and Application Name, the account logon name willbe different. If possible create an Account for each Application, which will be launched by the

Encrypted Runas tool. The same account can be used for all users, which use the same application.

First Name: EncryptedRunasLast Name: enter the name of the Application


5/18



User Logon Name: erwiApplNameName Convention for the User Logon Name:[er= Encrypted Runas Account ][wi= Site Code][ ApplName= Application Name]

Example for the Logon Name:

erndtypogragh Encrypted Runas, New Delhi, Application Typograph

erinaccountplus Encrypted Runas, Ingolstadt, Application Account Plus

Enter the passwordEnable Password never expired


6/18



Rename the account from EncryptedRunas ApplicationName to erwiapplname EncryptedRunasApplicationName

Open the Properties of this account


7/18



Enter the description for this account


8/18



Make this Account member of the Client Administrator group


9/18



Account is now ready for use


10/18



1.2. Installation of Encrypted Runas Tool

Launch the install program


11/18




12/18




13/18



1.3. Register Encrypted Runas


14/18



The License information is listed in the file License.txt

Select All Users


15/18



1.4. Create a Encrypted Runas Icon

Logon with the normal user account to the computer

Start Encrypted Runas


16/18




17/18



Enter the Encrypted Runas accountEnable Account Type Domain

Enter the command line for the Application ( can be find with browsing )

Click on Test CommandClick on Save .eras File

Selct the needed options

Click on Save


18/18


Now a shortcut should be created on the desktop.

Shortcut properties

Finish

Documents

Encrypted_Runas_001