FAQs
Is Sanur secure?
Why don't you encrypt the password?
How do I run Sanur in VBScript?
How do I run Sanur in Kixtart?
How can I hide the password?
How do I pipe a blank password into Runas?
How do I pipe a password that has leading or trailing whitespace?
How do I redirect the output of the program being launched by Runas?
How can I determine if Runas started the target program ok?

Is Sanur secure? Of course NOT - the password is stored in plain text!

Why don't you encrypt the password? Sanur is inherently insecure in that it simulates keypresses by sending window messages to the command interpreter. Encrypting the password may give a false sense of security.

How do I run Sanur in VBScript? Because of the 'piping', you need to get the command interpreter (cmd.exe) to execute the command. You also need to quote the command. This example simply executes myprog.exe:-

Set WshShell = CreateObject("WScript.Shell")
WshShell.Run "%comspec% /c ""runas /u:dom\usr myprog.exe | sanur pass"""

Here's another example, this time the runas command contains quotes. The command executed is net localgroup administrators dom\fieldops /add:-

Set WshShell = CreateObject("WScript.Shell")
Dim sCmdLine
sCmdLine = "%comspec% /c " & chr(34) & "runas /u:dom\usr" & chr(34) &_
  "net localgroup administrators dom\fieldops /add" & chr(34) &_
  " | sanur  /i pass.txt " & chr(34)
WshShell.Run sCmdLine

Note: The same principles apply if running Sanur via a Java program. That is, use cmd.exe with the /c switch to execute the runas command.

How do I run Sanur in Kixtart? Because of the 'piping', the command interpreter (cmd.exe) must execute the command. This example runs myprog.exe:-

SHELL '%comspec% /c "runas /u:dom\usr myprog.exe | sanur pa55word"'

This example runs a program that has arguments:-

SHELL '%comspec% /c "runas /u:dom\user "%0\..\hotfix.exe -q -u -z" | sanur pa55word"'

See KB121387 for details of the %0\..\ syntax.

How can I hide the password? In short, don't use Sanur. However, if your file system is NTFS, you can partially obfuscate the password by storing it in an alternate data stream. This example shows how to 'hide' a password actually inside of a directory:-

md folder
>folder:pw echo/MyPassword

And this example shows how Sanur can access the password:-

runas /u:dom\usr "cmd /c c:\update.cmd" >&2 | sanur /i folder:pw

To learn more about ADSs, see the thread titled "Getting the MAC Address" in its entirety.

How do I pipe a blank password into Runas? Create a zero byte file and use the /i switch. For example:-

copy nul zerobytefile.txt
runas /u:domain\user "cmd /c c:\script.cmd" | sanur /i zerobytefile.txt

How do I pipe a password that has leading or trailing whitespace? Passwords specified on the commandline will have all leading and trailing whitespace trimmed. Therefore, you'll need to put the password in a file and use the /i switch. The example below shows how this could be done with a batch file. The syntax used prevents the batch file from adding/removing whitespace:-

@echo off & setlocal
:: this password has one leading and two trailing spaces
set "pw= P4wwass  "
>pass.txt (echo/%pw%)
runas /u:domain\user cmd >&2 | sanur /i pass.txt
del pass.txt

How do I redirect the output of the program being launched by Runas? In exactly the same way as you would when not using Sanur. For example:-

runas /u:domain\user "prog.exe /arg1 /arg2 >output.log" | sanur abc123

How can I determine if Runas started the target program ok? Since version 1.0.1 Sanur will only exit with a zero errorcode if Runas succeeded. You can use conditional processing or test the errorlevel to determine success or failure:-

runas /u:dom\usr prog.exe | sanur Pass && echo/Runas succeeded

runas /u:dom\usr prog.exe | sanur Pass || echo/Runas failed

runas /u:dom\usr prog.exe | sanur Pass && echo/Succeeded || echo/Failed

runas /u:dom\usr prog.exe | sanur Pass
if %errorlevel%==0 echo/Runas succeeded

runas /u:dom\usr prog.exe | sanur Pass
if not %errorlevel%==0 echo/Runas failed