Runas parameters can use in a command and set in a shortcut, batch file or any other script.
>> runas /user:localhost\username cmd.exe <<
At next step you have to enter the password of the account, before the application start with different credentials
It is not possible to set the password in the first command like
>> runas /user:localhost\username /password:password cmd.exe <<
You can only use the parameter /savecred to save this credentials with password on the machine like
>> runas /user:localhost\username /savecred cmd.exe <<
But this is a security hole. The saved credentials allows user with non-administrative rights to run anything on that particular machine with that credentials,
not just the original command, because account and password is stored in credential manager which can used by the limited user.
That's why you also have to authorize the specific application, which is allowed to start with administrator rights.
You can do this by Runasspc = runas + password + application + encryption. https://robotronic.de/runasspcEn.html
Runasspc has nearly the same syntax and parameters as runas, but additional you can set the specific allowed application and much more,
this portable tool can used on different machines without installation procedure.
So you can create an encrypted file for one application, setup file, batch file or any other script
and distribute this to your users by simply copy it to a network share, usb memory stick or any other place from where the limited user can start it to get administrator rights for the specific program.
By another great easy tool RunAsAdmin from RunAsRob https://runasrob.com
you can set a specific program, you want to allow to start with administrator privileges,
but you can also configure directories with asterisk for wildcards or you can authorize complete folders, their contents you want to allow to launch with administrator rights and much more,
you can start the application, setup file, batch file or any other script as administrator with administrator privileges or under system account with system rights.
This clever RunAsRob tool need not an encrypted file with stored credentials. It goes another way,
but the mechanic of RunAsRob is very easy and clear to understand.
RunAsRob use either the system account directly or put the user temporary into local group of administrators for the allowed application.
After drag the application.exe over runasrob.exe, RunAsRob then look in the computers registry path of RunAsRob, if it is an allowed path or not.
If it is a registered directory, the application start on computer as administrator or under system account, depending on what you have configured in the graphical interface RunAsAdmin.
This is an easy way to distribute software, drivers, patches,... without to create a package for your clients.
You just have to allow a specific share in your network and copy the setup.exe file in there and call your user to start it from there.
A standard user with limited access can also start a script for monitoring, copy job, backup or other system relevant tasks which needs system rights. By NTFS rights you can limit the user access or computers which can use this allowed share.
Runasadmin is a part of RunAsRob, you have a variable instrument on your single computer or in a big domain forest.