An Old Tool Called CPAU

Recently I came across a tool being used at work called CPAU.

The tool was created by Joe Richards to allow a password to be passed on the command line, and to start up applications with network credentials. The alternative to this, RUNAS from Microsoft, didn't allow for the former, and required the command to be run every time to satisfy the latter.

(You can read more about it here. You may notice that the last time the tool was updated was in 2005. When I asked the Windows Admin who set up CPAU for us about this, he just shrugged his shoulders.)

As an unintended consequence (and this is totally how CPAU was being used at my workplace), admins began using CPAU in their batch files when needing to run certain applications as a local admin.

The process of creating these batch files is quite simple. First, make sure the user name that will be running the application is in the local administrators group. Second, download the exe file from the Joeware site. Third, create the job file. The syntax for the job file looks something like this:

CPAU -u user [-p password] -ex "exampleApp.exe" [switches] -file example.job

Finally, create the batch file that runs the job file. If you want to make life easier for the user, then create a shortcut to the batch file and place it on the user's desktop.
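A batch file built this way names the account and, when -p is used, holds its password, so it helps to know where such files live. The Python script below is an added example, not code from the original post or from Joeware: it scans batch files for CPAU calls and reports the account, whether a password is written into the script, and any job file referenced, without printing the password. The sample lines, the account name and the -enc/-dec switch names (taken here to be CPAU's switches for encoding and decoding a job file, which the post does not show) are assumptions.

```python
import re
from pathlib import Path

TOKEN_RE = re.compile(r'"[^"]*"|\S+')  # a quoted string or a bare word

def value_of(args, flag):
    """Return the argument that follows `flag`, or None if it is absent."""
    for i, arg in enumerate(args[:-1]):
        if arg.lower() == flag:
            return args[i + 1]
    return None

def classify_line(line):
    """Describe the CPAU invocation on one batch-file line, or return None."""
    tokens = [t.strip('@"') for t in TOKEN_RE.findall(line)]
    for i, tok in enumerate(tokens):
        if re.split(r"[\\/]", tok)[-1].lower() in ("cpau", "cpau.exe"):
            args = tokens[i + 1:]
            break
    else:
        return None
    flags = {a.lower() for a in args}
    return {
        "user": value_of(args, "-u"),
        "inline_password": "-p" in flags,  # password stored in the script itself
        "job_file": value_of(args, "-file"),
        "mode": "encode" if "-enc" in flags else "decode" if "-dec" in flags else "direct",
    }

def scan_text(name, text):
    """Return (file, line number, finding) for each CPAU call in `text`."""
    found = ((n, classify_line(l)) for n, l in enumerate(text.splitlines(), 1))
    return [(name, n, f) for n, f in found if f]

def scan_tree(root):
    """Scan every .bat/.cmd file under `root` (the folder or share to audit)."""
    files = [p for p in Path(root).rglob("*")
             if p.is_file() and p.suffix.lower() in (".bat", ".cmd")]
    return [h for p in files for h in scan_text(str(p), p.read_text(errors="replace"))]

# Constructed sample batch content, not taken from the original post.
SAMPLE = r'''@echo off
CPAU -u WORKSTATION\localadmin -p Example-Passw0rd -ex "exampleApp.exe" -enc -file example.job
"C:\Tools\CPAU.exe" -dec -file example.job
start notepad.exe
'''

if __name__ == "__main__":
    for name, n, f in scan_text("sample.bat", SAMPLE):
        print(f"{name}:{n} user={f['user']} password_in_script={f['inline_password']} mode={f['mode']}")
```

To audit a real location, call scan_tree() with the folder that holds the batch files instead of using the embedded sample.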

As a final note, I feel it is necessary to mention that there are more modern ways of making sure certain applications, for certain users, run with elevated privileges. For example, Application Control from AppSense will allow you to discover which applications require elevated credentials, and then create an elevated privilege policy to be applied to a specific group of users. You can read more about Application Control here.


