RunAs

Every Windows admin is familiar withe the RunAs command. Recently I came across a new feature called /savecred

SaveCred

RunAs.exe /SaveCred /User:[email protected] "command goes here"

The above command will run a command with the specified credentials (thats what RunAs does), but the /SaveCred option securely saves the password in the Windows Credential Manager. The next time you run the command the password is automatically entered for you thus saving you the hassle of entering it every time. Where I find this most useful is with shortcuts. I have created shortcuts that use the RunAs command before, but with /SaveCred the shortcut operates transparently because there is no DOS box prompting for a password.

Security Risks

Obviously this has some security risks associated with it.

1. If you walk away from your desk and leave the workstation unlocked then a user could run certain commands with those credentials, so don't use /SaveCred with Administrative accounts.
2. I'm not sure how easy it is to crack the Windows Credential Manager, but the credentials are stored on disk. So assuming a hacker were to get hold of it, they could attempt a brute force attack offline.
3. I'm sure there are more.

Reference

http://community.spiceworks.com/how_to/111761-how-to-create-a-shortcut-in-your-start-menu-to-run-an-application-as-a-different-user?source=topic&pos=70