Is there an equivalent of SU for Windows

visiteur · Mars 16, 2026, 5:48

Is there a way (when logged in as an administrator, or as a member of the administrators group) to masquerade as a non-privileged user? Especially in an AD environment.

e.g., in the Unix world I could do the following (as root):

# whoami
root
# su johnsmith
johnsmith> whoami
johnsmith
johnsmith> exit
# exit

I need to test/configure something on a user’s account, and I don’t want to have to know their password or have to reset it.

Modification :

runas won’t cut it. Ideally, my whole desktop would become the user’s, etc. and not just in a cmd window.

admin · Mars 16, 2026, 5:48

I’m pretty certain there is no supported way to run as a different user without having that user’s credentials. It’s a non-repudiation measure. Someone can’t say: “I didn’t do it”, because either they did it, or someone with their credentials did it. And for the second they’d have to give the other person the credentials.

Normally how I do what I need to do while logged in as another user is to use remote assistance to essentially RDP into the session, and have them grant me control. Then I do whatever while they’re watching (presumably, anyway).

Anything else can usually be done with GPO/scripts.