I'm sure there are loads of you guys out there who use secondary logon on your windows based networks for admin tasks.

I was playing in a test environment at work in the view of implementing some new group policies.
One of the most common tasks to restrict is access to control panel and IE control panel for the users.

Now doing some research online etc i came across various articles discussing the most common .cpl applets for launching form a runas admin command prompt.

We have in the past just done a

runas /user:computerordomainname /user filename

which is fine to launch command prompt and some files etc.

However most of ths ites recommend this and then launching desk.cpl for example to gain access to desktop settings.
If you run the runas with the control command it does not play well with control panel so apparently you have to launch the applets individually.

Well i say codswallop !!!!!!!!

Now i know windows exlorer does not always play well wiht runas however.

If you access IE from the programs menu or from quick launch (not the shortcut on desktop) and right click on it you can runas.

This then runs IE with admin priveleges, then jujst in the address bar type control panle and hey presto you have admin privelege to control panle allowing you to carry out admin tasks without having to remeber all the .cpl filenames.

point to note, with various service packs, XP or 2000 etc the runas coomand does not always play well.
for example

runas /user:computername\administrator iexplore.exe

just bombs out, but if you do it form the icon it will work fine.

Alot bloody easier than remebering all the filenames for the applets and even if you do the ncpa.cpl doesnt always work well with runas so difficult to gain access to network properties.

Hope this helps some out there who use secondary logon for admin.

To sum up.

use IE right click for runas and then type control panel will give you access to it under admin privelege.