The su of Windows

25 Feb 2007

On Linux based system, it’s a common idiom to impersonate the root user whenever you have to perform a privileged operation. This is typically accomplished using the su command, which, although used less frequently, has a Windows equivalent, called runat.exe.

runat.exe turned out to be quite useful when I had to do some work with MS SQL 2005 Server, Analysis Service. The thing with Analysis Service is that it’s Windows authentication only, whereas MS SQL 2005 Server supports mixed mode authentication.

My only option for getting in touch with Analysis Service was using SQL Server Management Studio by impersonating an existing Windows user, who is allowed access to Analysis Service (I didn’t have the option of creating a new account on the machine running Analysis Service and the machine wasn’t allowed to trust the domain my desktop computer was on (it’s a tough world out there)).

So, using runat.exe, I ran the command below (on one line, from a shortcut), in effect causing the display of a prompt asking for the password for my_impersonated_user. Upon entering the password sqlwb.exe starts up as if it was run from the local my_impersonated_user account.

C:\Windows\System32\runas.exe /user:my_impersonated_user "c:\Program Files\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE\sqlwb.exe"

For the command to succeed my_impersonated_user have to be a user on the local machine with a username and password identical to the user that is allowed access to MS SQL 2005 Server/Analysis service.

Now Windows lets you logon to Analysis Service even if your local machine is on a different domain than the MS SQL 2005 Server.

Have comments or questions? Please drop me an email or tweet to @ronnieholm.