cpau 是一個替代runas的程式,並且功能強大,也是一个替代 runas 的程序,并且功能强大,可以使用加密的密码

cpau可以用 -c 查看幫助

也可以訪問 來查看

CPAU Usage

cpau /?

CPAU V01.11.00cpp Joe Richards ( November 2005

CPAU -u user [-p password] -ex “WhatToRun” [switches]

user User to log on as. Ex: user or domain\user
password User’s password
WhatToRun What to execute

Switches: (designated by – or /)
-profile Do local logon with profile instead of net logon
-localwithprofile Alias for -profile
-lwp Alias for -profile
-localwithoutprofile Local logon but do not load profile.
-lwop Alias for -localwithoutprofile
-k Prefix command with cmd /k to leave window open
-c Prefix command with cmd /c to close window after exec.
-pipepwd Special method allows you to pipe password in
-enc Encrypt a job file for later user
-dec Use an ecrypted job file
-file Specify job file to execute or create
-wait Wait for process completion before returning.
-outprocexit Used with -wait, the errorlevel variable has the
exit code of the spawned process instead of cpau.
-cwd x Start at working directory x.
-hide Start the new process in a hidden state.
-title x Allow you specify title of command prompt windows.
-crc file[,file,file] This option allows you to encode
CRC info for files in the job file. When decoded
the CRC have to match or the program bombs. Note that
it will not chase paths looking for the file, you must
specify the exact path.
-nowarn Don’t output warning about network logon.

cpau -u joehome\joe -p logon -ex “perl” -lwp
Runs perl script as joehomejoe

cpau -u joehome\joe -p logon -ex “perl” -enc -file cleanup.job
Creates job file called cleanup.job to run perl script as joehomejoe

cpau -dec -file cleanup.job -lwp
Execute job file cleanup.job

cpau -u joehome\joe -p logon -ex “perl” -wait -lwp
Runs perl script as joehomejoe and waits for process to end

cpau -u joe -p logon -ex notepad.exe -lwp
Runs notepad as user joe

cpau -u joehome\joe -p logon -ex logonscript.cmd -lwp
Runs logon script in current directory as user joe (see note below)

cpau -u joehome\joe -p logon -ex logonscript.cmd -lwp -cwd c:\temp
Runs logon script in/from c:\temp as user joe (see note below)

cpau -u joe -p logon -ex logonscript.cmd -enc -file logon.job -crc logonscript.cmd
Encodes logon.job file and CRC protects the batch file

I had to add some protection to this app. It seems people were running this with
a networked drive for the current working directory. Microsoft prevents cross-
security context access of network drives on purpose, this causes CPAU
to not be able to fire the process up. To correct for that, if CPAU realizes
your current working directory is a network drive it will change the CWD to the
default local path (usually c:\windows\system32). To override this functionality
you must specify the CWD option, note that if you set it to a network
drive you most likely will not function properly. Also note that this is
not a bug in CPAU, this is purposeful functionality from MS. You can see this
out of anything that changes your local security context.

If you are using this for a logon script or something else where
you need the permissions to take affect locally, you need to specify the
-lwp (or -profile) switch. By default the process spawned has the current
user’s security context locally and the new security context remotely. Also
keep in mind the note above concerning network drives, logon scripts run from
network drives, you will need to set the CWD to a local machine
(c:\temp maybe) and copy whatever files are necessary locally and then run cpau.

As of Version 1.08.00 I have added the ability to insert environment variables
into the job file. Normally env vars get converted into their values
on the machine encoding the job file, I have made it so you can escape
these so they will get decoded on the machine that runs the job file.
To do this, on the command line when building the job file specify the
environment variable like {%{env-var}%} instead of like %env-var%. So
for instance if you wanted SystemRoot you would specify {%{SystemRoot}%}.
This only works for items that are part of the -EX parameter.

As of Version 1.08.00 I have also added additional protection around the CRC
option. When you add CRC files to the job file, cpau will mark the file in
such a way that no version prior to 1.08.00 will be able to use the job file.
This is to prevent someone from taking a 1.08.00 or better job file with CRCs
and use an older version of CPAU to avoid the CRCs.

As of Version 1.08.00 I have also added the feature to display the encoded
information when creating the job file. This should help reduce the questions
I am getting on why a certain job file doesn’t work. Often what people specify
isn’t encoded in the way they think, especially around env vars.

As of Version 1.11.00 the -lwop option was added which allows a local logon without
loading the user’s profile. This may cause odd responses in some programs. If
you experience issues, use -lwp to load the user’s profile to see if that works.

As of Version 1.11.00 I am specifically disallowing use from LocalSystem. This is
something that works on older OS versions but doesn’t work on XP SP2 and K3 and
the inconsistency was causing a lot of support issues. The primary intent of this
application is to allow interactive logons to switch security context for specific
processes, not crutch unattended applications working for web apps and from the
task scheduler.

This software is Freeware. Use it as you wish at your own risk.
If you have improvement ideas, bugs, or just wish to say Hi, I
receive email 24×7 and read it in a semi-regular timeframe.
You can usually find me at


CPAU.exe -u administrator -ex “C:\Program Files\Kaspersky Lab\NetworkAgent\
klmover -address” -lwp

-lwp或-lwop 如果是本地賬戶,必須使用此開關才能交互式認證。
如果-p不使用,則變會提示輸入,或者使用-p 來輸入密碼,如果怕密碼被發現,則可以使用-enc file 來加密指令