Thursday, April 26, 2007

Using RUNAS and Securing Exchange Daily Task

Here in this this article i will write about, one of the most I have needed to work on daily basis, Remote execute program with this tool It is possible to run "CMD" window on the remote server, as long as you have the proper rights and you logged into a domain. Speaking of daily Exchange and AD admin life, I have realized many of the administrators won't work in secure environment, they log into Domain with Domain administrator privileges and they go to internet and perform daily task with that. When it comes to s security, we more complain about windows is not being secure, but I think we need to look at ourselves and use the windows right way so that windows will provide secure environment for work daily routine. I will demonstrate a secure way of working with Windows and getting the entire daily job done without problems

First thing you will need to have two accounts in a Domain, let's say we will create an account named oz

First Account Name


Domain User Mail enabled

Second account


Domain administrator, Enterprise administrator No mailbox

Now log into your work station with domain User account, this account is to be logged into system all he times.

We will not log into systems with our ZZ-oz account, we will use RUNAS and get the job done with ZZ account privileges when we need it

After you logged in (remember you are a Domain user now, CANNOT give any damage to anything pretty much, try going to device manager and deleting a device, windows will deny your request.)

Now open a notepad and type

runas /user:archq\zz-oz cmd.exe Change my name into your account name

Click Save, File Name RunAS.bat Save Type as, all files

And save it on your Desktop. Now when you double click on it DOS window will open up and ask you to type your password, ones you successfully type your password ( pay attention this is Domain admin password)

A window will open up with Domain admin privileges.

Now you are still logged in as a domain user, but you have a window in from of you (CMD.EXE) which is running with your domain admin privileges.

So what can you do with this?

Go ahead download,

Windows 2003 Support tools so that you can manage AD with it.

Download Here

When it gets to installation all you need to do, is drag the program into CMD window, and hit enter on the keyboard, the setup installation program will be executed with your Domain administrator privileges

It is kind of cool.

Now after installation if you go to rum command and type

Dsa.msc ADUC snap in wont lunch, will lunch but you won't be able to perform any admin task,

Why because you executed it with your domain user credential so windows know you are a user, and have no business of seeing the ADUC snap in.

However, if you type the same command into CMD window which is running with Domain administrator privileges, ADUC will happily open up, and you can perform any task as you wish as Domain Administrators

Now you got the idea, go ahead and play with other thing,

TIPS: you don't have to remember all the short cut abbreviations, you can simply drag and drop anything into CMD windows running under Domain administrator privileges,( don't forget to press on enter) this will execute the program with domain admin credential.

I open ESM several times just like this, during a working day.

Now you get the idea, working secure and smart is up to you. Making windows and managing exchange is up to you as well.

Now, one of the cools thing Windows Sysinternals (Free) is to get the program called


Download the ZIP the suite of the entire tools form my Blog site

What is this Psexec tool? Lets you execute processes on other systems

This is great and always what we wanted to do. Now unzip this and save it to your System32 directory below on your Desktop.


Paste all the files (Entire Suite) into this directory

Go back to administrator CMD window. Don't forget you need to be in Domain Environment.

Here is the situation we need want to open Remote CMD window on our exchange server while we are logged into our workstation

Exchange serve name is BIOBR2

So we will type this command into Domain administrator CMD window

Type below command

Psexec \\biobr2 cmd.exe

On the command line if you type hostname, you will noticed you are on BIOBR2 server and If you do IP config you will get the IP configuration of the remote server

Now, you can type there, Services.msc, Compmgmt.msc Notepad You can open internet explorer, remote console user will see internet explorer will open up miserly on the server. There are more cool programs in your system32 directory, along with Psexec.exe which is fun to play with

Special thanks to Ron Buzzon, who is my friend future Exchange and AD MVP candidate

Best Regards,

Oz Ozugurlu

1 comment:

Unknown said...

Best Moving Company +971 50 3605353

We are Cheap Movers in Dubai, providing best moving

services at reasonable prices. Call Now for Residential and Commercial Dubai Movers +971503605353

Dubai Movers
Movers Dubai
moving services dubai
moving company
movers dubai
home movers dubai
Packer in Dubai
Local Movers
Cheap Movers in Dubai
Dubai Local Movers