In Windows 2000 and XP, what is the Secondary Logon service?
Windows 2000 and XP offer a Secondary Logon service (also known as "run as") that lets you run programs as different users. This tool is helpful in applying the principle of least privilege. For example, you can log into your computer as a normal user, and when you need to have administrative privileges to carry out a task, you can launch that program using the Secondary Logon service to select an administrative account.
There are a couple of ways you can use the Secondary Logon service:
- Navigate to the program you'd like to launch with different
privileges. Click it once to select it, then hold down the
Shiftkey and right-click the program. You'll see a contextual menu from which you can selectRun as...and then choose a different account.
- From the
Startmenu, selectRun..., and enter the following command: runas /user:username cmdReplace
usernamewith the name of the account you want to use. You can replacecmdwith any command you'd like to run (if it contains spaces between characters, enclose it in double quotes). ClickOK. When prompted, enter the password for the account you've chosen. This method will start a new command shell in a new session, from which you can launch programs.
For more information about the Windows Secondary Logon service, see articles 225035 and 305780 in the Microsoft knowledge base.
You can search Microsoft's knowledge base at:
http://support.microsoft.com/default.aspxAlso see:
- In Symantec/Norton AntiVirus for Windows, how do I schedule automatic LiveUpdates and virus scans?
- What are service packs for Windows, and where can I get them?
- In Unix, what are the sudo and su commands?
- In Windows, why should I avoid running my computer as an administrator?
Last modified on May 29, 2008.
