Using runasrole

The runasrole command-line program enables you to run a specified Windows application using a specified Centrify access role. You can use command line options to control whether the role is used as a local role, a network role, or both, and whether to use the current environment or the environment variables associated with the “Run As” user account. The runasrole command line program is equivalent to selecting the Run with Privilege menu option when right-clicking an application shortcut or executable.

The syntax for the runasrole command is:

runasrole /role:role[/zone] [options] application [argument]
runasrole /localrole:role[/zone] [options] application [argument]
runasrole /networkrole:role[/zone] [options] application [argument]

You must specify the role to use in the rolename/zonename format. You must also specify an appropriate path to the application you want to access, including any required or optional arguments.

You can use the following command line arguments and options with the runasrole command:

Use this option To do this

/role

Use the role name you specify as both a local role and a network role. You can specify this option to run an application locally and access a remote server using the same role, if applicable.

You should only use this option if the role you are assigned and want to use has both local and network access rights defined.

/localrole

Use the role name you specify as a local role.

/networkrole

Use the role name you specify as a network role.

/env

Use the current environment variables instead of the environment variables associated with the "Run As" user account.

/netdrives

Use mapped network drives when running an application with the selected role.

By default, you cannot use mapped network drives that are associated with you logged-on user account when running applications using a role with elevated privileges. If you want to use a mapped network drive when accessing an application using a selected role, include the /netdrives option in the command line.

/removetimestamp

Remove the grace period on Windows authentication and MFA for the current user session.

/wait

Prevents the runasrole program from exiting immediately after opening the specified application.

If you specify this option, the runasrole program starts the specified application and waits until the application session ends before exiting. When the application session ends, the runasrole program exits and returns the same result code as the application.

If you specify this option and the application is a command line utility, the runasrole program redirects the application's input and output to the command line console.

You should note that some applications use a Microsoft API that does not support redirection of standard input and output. For applications that don’t support redirection, the /wait option has no effect and is ignored.

/h

Displays the command help.