Author Posts

November 13, 2017 at 7:14 am

Scenario: Win7 and Win10; I use a smart card which holds privileged (admin) and unprivileged (user) certs; would like to not need to log out of user and into admin to do something as simple as view restricted folders and their permissions etc.

Goal: While logged into my unprivileged account, invoke my admin certificate on the smart card to enable viewing/editing of group-restricted folders in explorer.

What I've tried: using the -smartcard argument with runas, using -user argument to specify my admin account; using -user along with the specific file path I'm attempting to access by pasting it after the explorer.exe (runas -user:adminacc explorer.exe \\server\drivename); using both of those arguments together

Results: opens explorer, but explorer does not recognize e as admin at the point of clicking on the shared drive and attempting to open the targeted folder; when using both together it gives an error if I try to specifiy the folder path as I have done while solely utilizing the -user argument

Anyone mind pointing me towards the right direction? I'm getting to the point of feeling like I am investing more time than the return I'd potentially get if/when I figure this out. Thank you for any guidance you can provide.

November 13, 2017 at 3:29 pm

Try using something other than explorer.exe to browse the remote share. You could even try launching runas with notepad and use the file open in notepad to see if you can access the folders. It might be that explorer.exe is to tightly tied to your current windows session.