Run Windows MMC as a different user

While logged in to a Windows Desktop as a normal domain user (jonny) I wanted to be able to run the Active Directory Users and Computers snap-in as a Domain Admin user (adm-jonny) to do so requires using the ‘runas’ command.

When I had first tried using the ‘runas’ command I had problems related to permissions e.g. “The requested operation requires elevation”despite adding the Domain Admin user (adm-jonny) as an administrator on the local machine and running the command prompt as administrator and even using the runas command first to create a command prompt as the local administrator:

runas /user:MACHINENAME\administrator cmd

I then checked the user I was running as with whoami:

Windows runas command

Although I would have expected this to have worked I kept getting error messages about elevation – so I had to resort to disabling UAC.

Disable UAC

To disable User Access Control in Windows 7 click: Start > Control Panel

Then type uac into the upper right search box

Next click on ‘Change User Account Control settings’

Windows 7 UACSet the slider to the bottom i.e. Never Notify

uac - never notify

Note: Make sure you reboot after making this change!

Using Runas

Once I had disabled UAC I was able to successfully run the following command in a command prompt:

runas.exe /user:DOMAIN\adminusername "mmc c:\Windows\System32\dsa.msc"

So next I created a shortcut for the command, right-clicking the desktop and choosing New > Shortcut:

newshortcut

Next I entered the command with full paths to files:

c:\Windows\System32\runas.exe /SAVECRED /user:DOMAIN\adminusername "c:\Windows\System32\mmc.exe c:\Windows\System32\dsa.msc"

shortcut-locationAfter creating the shortcut I right-clicked and chose Properties > Change Icon to set the icon to the mmc icon as follows:

shortcut-icon

 

9 Responses to “Run Windows MMC as a different user”

  1. Matt

    Since you are one of the first Google responses I found for this, I wanted to present the solution that will avoid you from having to disable UAC.

    Anything that requires elevation on your local PC can be solved this way as well:

    C:\Windows\System32\runas.exe /user:domain\user /savecred “cmd /c mmc c:\console.msc”

    The key is the cmd /c before typing mmc and the path to it which “carries out the command and then terminates”. This will prevent seeing a message about needing elevation and you can keep your UAC on your PC.

    Just thought I would pass this along to anyone else who finds this through Google and wants a better solution.

    Reply
  2. ZNSUSA

    I got an error with above, on Windows 7. However the following worked for me:

    C:\Windows\System32\runas.exe /noprofile /user:domain\user “mmc”

    You can put it in a .bat file, and save on desktop. Next time you need it, just double-click it, it will ask for password, give password, and you are in MMC as a domain\user.

    Thanks

    Reply
  3. Rich

    Great article thank you everyone. Question, is the cmd window supposed to stay open after the mmc appears? I can close the CMD. I can also close the MMC and the CMD closes.

    Regards,
    Rich

    Reply
  4. Datalore

    Here is how I get around the command prompt issue:

    C:\Windows\System32\runas.exe /user:DOMAIN\USER “cmd /c start \”\” mmc %SystemRoot%\system32\dsa.msc”

    I am deliberately leaving out the /SAVECRED parameter, as I want to be challenged each and every time for my admin password, and for the credentials NOT to be saved on my laptop. This opens a command prompt that justs asks for my password

    It still opens the command prompt, but the moment ‘cmd /c’ passes to ‘start’, it closes the command prompt immediately.

    I need to investigate why leaving out ‘cmd /c’ doesn’t work in a shortcut, as it works if I paste it into a command prompt:

    C:\Windows\System32\runas.exe /user:DOMAIN\USER “start \”\” mmc %SystemRoot%\system32\dsa.msc”

    Might look into that when I have the time.

    Reply
  5. Emilian Tomas

    Hi guys,
    I’ve tried all of the above and none of them worked.
    I need to run Active Directory like below:
    runas /user:domain\username “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AD.msc”

    I’m logged into the machine with a user from a domain, but I need to open AD with another user which is in a different domain that it’s included in my machine

    Please let me know if you have any ideas.

    Thank you in advance!

    Reply

Leave a Reply to Datalore

  • (will not be published)

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>