The netonly option in runas

As a consultant, I usually end up on a network that my computer is not a domain member of.  Generally I am provided with a logon and sometimes a remote desktop session.  Sometimes not.  That's a problem when you need to run a program that uses integrated Windows authentication, but you need to do it as a user on the client's Active Directory environment.  Specifically I am referring to SQL Server Management Studio, but really this applies to any piece of management software.  Naturally, you would think to use runas, but that won't work if your local computer doesn't know about the domain and user.  There is a solution though, and it doesn't require any black magic.

The runas command has a lot of available options.  If you run runas with a /? it will give you a full list.  Among those options is netonly.  Netonly does not attempt to verify the credentials submitted by the runas command.  Instead it launches the command as the current users, but then submits the credentials to any Windows Integrated authentication.  If you run this command:
runas /netonly /user:domain\myusername notepad
You will be prompted for a password.  Then the application immediately launches.  Looking in Task Manager, the notepad.exe process is being run as your local user account.  If you used this to launch SQL Server Management Studio, however, you would be able to connect to a remote instance of a database engine using whatever domain credentials you want.

I've set up a series of batch files in a folder for my commonly used applications that require this sort of setup.  Then I only need to enter the relevant username and password.

I hope this is helpful.  If you have a different solution to this problem, be sure to leave a comment!

Labels: , ,