Friday, January 05, 2007

Run As - explorer.exe - Admin priv

Sometime you need to login to your local machine as a normal user - to maintain least privileges. However, some of your tasks needing you to have higher level of privileges - e.g. open a folder that has NTFS permission for admin group only.

The best way is to run explorer.exe as admin user. But, Windows XP does not support running an explorer.exe as different context. It will spawn a new explorer.exe process under the parent explorer.exe process which has a normal user context.

Here is the trick:

Open the registry (regedit)
Navigate to the following path:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\

Right click the "shell" folder and choose New -> Key
Name it: OpenAsAdminUser

Click the "OpenAsAdminUser" folder and find the (Default) string value
Double Click on that string value, put the value data:
Open An Explorer Window as Admin User

Right Click the "OpenAsAdminUser" folder and choose New -> Key
Give it the name: command

Click the "command" folder and find the (Default) string value
Double click on that string value, put the value data:
runas.exe /user:DOMAIN\ADMIN "explorer.exe /SEPARATE,%L"

Now open your explorer, navigate to any folder you want to open as admin user, right click, you will have the new menu called: Open An Explorer Window as Admin User. Choose that and enter your admin password. Bingo!!

No comments: