Ramblings of a DBA

Tara Kizer
posts - 165, comments - 832, trackbacks - 75

My Links

Advertisement

News

Subscribe
Search this Blog

Archives

Post Categories

Work

How to run a process using different credentials

There are times when I need to run some process using credentials other than my current security context, such as when my userid doesn't have permissions to a remote resource but another userid does.  I can easily do this interactively via the "Run as..." option (right click a process and then enter credentials) or via the runas command in a cmd window.  The problem with these though is that I have to type in a password, which creates a problem when I want to do this as a scheduled job.  In the past, I've written a batch file to map a drive using the other credentials via the NET USE command.  I've never liked that approach so when I recently needed to revisit this, I decided I'd look for alternative solutions. 

I tried three different solutions: adding an echo to the runas command, runasspc, and CPAU

The first solution didn't work at all for me.  I found several pages that suggested piping the password with the runas command via echo command.  I didn't see any evidence that this approach worked, but rather they were suggesting to try it.  Here's what I tried:

echo password | runas /user:DomainName\UserName E:\Folder1\Process1.exe

I couldn't get the second solution, runasspc, to work, but I'm sure I just didn't try hard enough.  I had very little patience that day.  You don't need to install the tool, but you will need to copy all of the files and subdirectories if you want it to run on other servers.  Here is an example call:

runasspc.exe /program:"E:\Folder1\Process1.exe" /domain:"DomainName /user:"UserName" /password:"password"

The third solution, CPAU, worked great and didn't have any other dependent files which makes it easy to setup other servers with it.  Here are some example calls:

E:\CPAU\CPAU.exe -u DomainName\UserName -p password -ex E:\Folder1\Process1.exe -nowarn

E:\CPAU\CPAU.exe -u DomainName\UserName -p password -ex E:\Folder1\BatchFile1.cmd -nowarn

E:\CPAU\CPAU.exe -u DomainName\UserName -p password -ex "xcopy \\Server1\Share1\File1.txt E:\Folder1\ /Y" -nowarn

Any of the above example calls would solve my current issue, however I ended up using the last one since I'm simply doing a file copy.  The third one is better than the second one as I don't need an extra file to do the xcopy. 

Here's what I embedded into my stored procedure that copies the production databases down to development:

EXEC master.sys.xp_cmdshell 'E:\CPAU\CPAU.exe -u DomainName\UserName -p password -ex "xcopy \\Server1\Share1\File1.txt E:\Folder1\ /Y" -nowarn -wait -hide', NO_OUTPUT

There are other ways to do this, but CPAU works great for me and is lightweight.  Let me know if there is something better out there though.

Print | posted on Monday, August 25, 2008 2:34 PM | Filed Under [ Other ]

Feedback

Gravatar

# re: How to run a process using different credentials

Do the new SQL Server 2005 command EXECUTE AS work with xp_cmdshell?

EXEC xp_cmd_shell 'xcopy \\Server1\Share1\File1.txt E:\Folder1\ /Y'
EXECUTE AS CALLER;
EXEC xp_cmd_shell 'xcopy \\Server1\Share1\File1.txt E:\Folder1\ /Y'
REVERT;
EXEC xp_cmd_shell 'xcopy \\Server1\Share1\File1.txt E:\Folder1\ /Y
'
8/25/2008 10:52 PM | Peso
Gravatar

# re: How to run a process using different credentials

Peso,

That wouldn't work as that account has no access to \\Server1\Share1.
8/26/2008 9:08 AM | Tara
Gravatar

# re: How to run a process using different credentials

You could also use the sysinternals runas tool... http://technet.microsoft.com/en-us/sysinternals/cc300361.aspx We have used this before in cases where we have needed to execute a process as a different user.

When we have needed to map a drive to copy a file or run a backup in SQL 2000 to a samba share on a linux server for example, we would create a job with three steps. When mapping the drive in the first step make sure to use /persistent looking something like...


Step 1:
net use z: \\server\share password /user:domain\username /persistent

Step 2:
copy c:\folder\file.txt z:\folder\file.txt

Step 3:
net use /delete z:
10/3/2008 9:32 AM | lordicarus
Comments have been closed on this topic.

Powered by:
Powered By Subtext Powered By ASP.NET