RunAs

Configures a class to run under a specific user account when activated by a remote client without being written as a Win32 service. To do this, the RunAs named-value is set for the class to a user-name and optionally a password. These are then used when the Service Control Manager launches its local server process.

Registry Entry

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\APPID\
                                    AppID_value}\RunAs = value

Remarks

The value specifies the user name, and must either of the form username, domain\username, or the string Interactive User.

Classes configured to RunAs a particular user may not be registered under any other identity, so calls to CoRegisterClassObjectGUU00R with this CLSID will fail unless the process was launched by OLE on behalf of an actual activation request.

The user-name is taken from the RunAs named-value under the class s AppID key. If the user-name is  Interactive User , the server is run in the identity of the user currently logged on and is connected to the interactive desktop.

Otherwise, the password is retrieved from a secret and safe portion of the registry available only to administrators of the machine and to the system. The user-name and password are then used to create a logon-session  in which the server is run. When launched in this way, the user  runs with its own desktop and window-station, and does not share window-handles, the clipboard, or other UI elements with the interactive user or other user running in other user accounts.

To establish a password for a RunAs class, you must use the DCOMCNFG administrative tool installed in the system directory.

For RunAs identities used by DCOM servers, the user account specified in the value must have the rights to log on as a batch job. This right can be added using the NT User Manager, under Policies-User Rights. Click on the Show Advanced User Rights box, select log on as a batch job, and add the RunAs user account.

The RunAs value is not used for servers configured to be run as services.  COM services that wish to run under an identity other than LocalSystem should set the appropriate user name and password using the services control panel applet.

See Also

Registering COM Servers