Single ConEmu Window - Multiple Tabs As Different Identities + Run as Admin

[Andrew Baird]

Hi everyone,

I'm pretty sure the answer to this is going to be 'no' as after a couple of hours of playing with it I haven't made any headway but I thought I'd ask just in case I'm missing something obvious.

At the moment I have two ConEmu windows open, one running as my limited user account (we're running an Active Directory domain) and the other as my privileged account which is a domain admin. In each window I have the same four tabs; a standard command prompt session, a standard PowerShell session and an elevated version of each. What I'd love to be able to do is skip having two windows open and add a tab in the limited user window that runs an elevated PowerShell session as my privileged account (if that sentence doesn't make any sense have a quick read of this: https://blogs.technet.microsoft.com/benshy/?p=13). I can quite happily start a PowerShell tab running as my privileged account but it's getting an elevated one in the same window that I'm having trouble with.

I'll stop short of posting my work to date just in case someone can definitively say "there's no way". :)

All advice very gratefully received.

Thanks!

[Maximus ConEmu]

Hi

The trick is to run your elevated tab from another credentials.

At the moment, you may do that via specially created batch file, for example:

admin-cmd-tab.cmd

cmd.exe /k CmdInit.cmd -new_console:a

And run this batch under selected user (domain Administrator) with switch:

admin-cmd-tab.cmd -new_console:bn

So you'll get one new elevated tab under Admin account.

Just make a batch for each tab...

[Andrew Baird]

Okay, I've given this a go but I'm still not getting anywhere. I'm sure it's me but here's my set up in a little more detail:

* Limited user account: Fred

* Privileged user account: Barney

Logged in to Windows as Fred, open ConEmu window as Fred.

Batch file in the ConEmu program directory contains the following (as per your guidance):

admin-psh.cmd

powershell.exe -new_console:a

ConEmu tab configured as:

admin-psh.cmd -new_console:bnu:"<Barney>:<BarneysPassword>"d:"C:\Users\barney"

Now it seems to work - I click the link, I'm prompted to elevate and a PowerShell tab opens at 'C:\Users\barney' - however if I do a 'whoami' it politely tells me that I'm Fred.

Am I still missing something? :)

[Maximus ConEmu]

admin-psh.cmd -new_console:bnu:"<Barney>:<BarneysPassword>":d:"C:\Users\barney"

You have not delimited ":d:..." by colon.

I do not care about whoami, the ProcessExplorer shows user in process properties.

[Andrew Baird]

Okay - let's ignore the :d bit for the moment. I can always add that back at a later date:

admin-psh.cmd

powershell.exe -new_console:a

ConEmu tab configured as:

admin-psh.cmd -new_console:bnu:"<Barney>:<BarneysPassword>"


If I open ConEmu with my four regular tabs Process Explorer shows all four of them running as Fred (as expected).

If I then start the fifth tab, configured as above, Process Explorer shows that tab is also running as Fred, implying that 'whoami' might be telling the truth.

I don't expect you to take my word for it but I'd rather not post public screenshots that disclose my username. I can PM them to you, though. Let me know if that'd be helpful. ;)

Thanks!

[Maximus ConEmu]

Well, you can e-mail me with details