Differences between RunAsRob, RunAsAdmin, RunAsService and RunAsSpc:
a part of RunAsRob
a part of RunasRob
the classic tool
||Contains RunAsAdmin, RunAsService and
can control allowed applications by an encrypted file, which can send anyone to use it.
|Allowed application controlled by registry settings.
Need no encrypted file.
Several applications can be configure at one go.
Support of wildcard *
Compatible with group policy.
|The application is running as service automatic after you turn on the computer and before any user is logged in.
Interaction between user and program isn't possible.
|Allowed applications and credentials controlled by an encrypted file or clear text.
||Run application under user account from encrypted file. This can be an administrator or any other user account.
Requires no installation procedure.
||Run application under system account with highest privileges and without the popup of an UAC dialog.
Suitable for installations, updates and patches.
Disadvantage: A service is not a complete account. Its missing a user profile and an own HKU registry path.
||The only possible login option. Not editable
||Launch application with administrator permissions under the own fully account of the limited user with his own profile and enviroment.
Suitable for running programs who need user properties like office.
||Application use logon credentials from encrypted file for remote connections.
Detail guidance 1:
Command line arguments of RunasRob:
- Installation commands
>> runasrob.exe /install <<
>> runasrob.exe /uninstall <<
- To create an encrypted file.
Open the configuration window of RunAsRob for encrypted files by double click to runasrob.exe or call it with option /configure
>> runasrob.exe /configure <<
- To run a encrypted file over runasrob.exe use the option /cryptfile
>> runasrob.exe /cryptfile: “c:\path\yourcryptfile.xus”<<
or drag and drop the encrypted file over runasrob.exe.
- For a call without status messages use the switch /quiet
>> runasrob.exe /install /quiet <<
>> runasrob.exe /cryptfile: “c:\path\yourcryptfile.xus”
- To set folders, its applications can be launch with
administrator rights or allow only a specific application.
Install runasrob with option /allowedpath, followed by the
allowed folders or applications. Semicolon separated to allow
more than one folder or application.
>> runasrob.exe /install /allowedpath:c:\program
- To run applications from this allowed folder
drag and drop the application.exe over runasrob.exe
or use the following call >> runasrob.exe
This can be done by command line, batch file, shortcut or any
- An advanced optional switch are /assystem or /asadmin.
/assystem -> The allowed application is running under
service account with elevated admin rights.
/asadmin -> After the user enter his credentials he
will be member of the local administrator group for this
application which is running under his own account.
>> runasrob.exe /install /allowedpath:"\\server\share1\setup.exe;\\server\share2\;C:\windows\system32\regedt32.exe /asadmin;C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe /assystem"
- To configure an application or script to start it permanently
as service use the option /servicemode: followed by the
>> runasrob.exe /install
- You can combine the arguments of RunasRob like the following
>> runasrob.exe /install /quiet /servicemode:"c:\system\monitoring.exe" /allowedpath:"\\server\share\folder2\;c:\windows\system32\regedt32.exe /asadmin" <<
- Create encrypted files by command line are possible with
RunAsSpc.exe. This files are also readable with RunAsRob.exe
Detail guidance 2:
Edit the Registry Key of RunAsRob:
Here you configure the values AllowedPath, ServiceMode, LogonFlag
directly or over central group policy in a domain.
Changes will take effect after restart of service RunasRob
Warning, serious problems might occur if you change the registry
Running on Windows 10 Professional and Home, Windows Server 2019.
64 Bit and 32 Bit Version included.
The restriction of the free version for private use is the
start-up window with the license information,
which appears at random intervals, even if you set the switch /quiet.
Environment variables can use like >> %windir%\system32\regedt32.exe\CompMgmtLauncher.exe <<
Wildcards can set as authorized path. Example: >> *\updates\flashplayerversion*.exe <<.
Authorize only a specific user or group to run a an application.
This can be achieved over folder permissions to the program file, encrypted file or the folder.
Program arguments are working. If passing arguments are not working, because quotation marks or complex arguments are not accepted in RunasRob.
Workaround of this problem is a one line batch file with your complete applicaton call include all arguments.
Run this one line batch file over RunasRob.
Most errors are system errors which are returned from runasrob to user.
This system error codes are explained by Microsoft on
For any suggestions, errors, questions, specific requirements or adjustments please contact:
RunasRob is only free for private use.
For companies and other organisations we deliver a licensed version, registered to the organisation name.
Order RunasRob >>>
Download RunasRob >>>