[Wtr-general] launch broswer as another user ?

Lonny Eachus lonny at titanez.net
Wed Aug 23 11:35:12 EDT 2006 

I know of two relatively simple means of starting IE under separate 
processes using different user credentials. Exactly how you do it 
depends on your requirements and preferences.

(1) You can use the Windows "RunAs" command to start a program under 
different user credentials. RunAs is well-docmented, you can find more 
than you want to know about it with a simple internet search. Of course, 
you have to have the separate user accounts already set up first!  : o )

There is a  quirk with Windows' "RunAs". Microsoft, in their "infinite 
wisdom", has refused to put a command in their command-line interface 
that will allow you to enter a user's password directly. So when you try 
to run something as a different user (via whatever means), you will be 
prompted to enter the password manually. Obviously, that creates 
problems for scripting. Their workaround is the "/savecred" command-line 
switch for RunAs. In effect, it lets you run something with another's 
credentials... once they have been saved by someone who knows that 
password. A full discussion would take up too much space... you can 
easily look this one up. Suffice it to say that you can shell from Ruby 
using "RunAs", and start a process under a different user's credentials. 
While it takes a little preparation (very little), this is MUCH easier 
than some of the other methods I have seen.  Just look up "RunAs  
/savecred" on the internet.

(2) You can shell to an AutoIt script that uses AutoIt's "RunAs" 
command, which takes the username and password as arguments and starts a 
process under a different user's credentials.

We have used both methods and they work. The funny thing is, Microsoft's 
"savecred" switch can be a massive security hole... the only practical 
difference between that and allowing you to script a password is that 
you have to have the password entered at least once...  which is goofy. 
Obviously there is a way to send the password to the operating system 
through an API call or some such, because AutoIt does just that.

Microsoft: "Security" through obfuscation.

Lonny Eachus
==========

> In my case i needed to start up several browsers concurrently and in this scenario, the only way to attach to them reliably and cleanly is to know the process id of each browser. I stole most of the code from Alex Verk, so it wasn't really a lot of coding on my part.
>
> If you know of an easier way ("Two short lines of code") to help Marco, i'm sure he and others would appreciate seeing it.
>
> Bret
>

More information about the Wtr-general mailing list