Back to all tools
Desktop AppSecurity

Run as Domain User

A wrapper app that uses ShellRunAs to launch a target executable under a defined Active Directory domain user from non-domain-joined Windows devices. It enables cloud-managed devices to run legacy on-prem tools (RSAT) by prompting for domain credentials and launching the configured app with elevated rights. It relies on simple domain.txt and app.txt configuration and is packaged for Intune with explicit install/uninstall commands and a Start Menu entry.

Works with
WindowsWin32 AppsEntra ID
Created by
Niklas Rast
Niklas Rast
GitHub

Security Analysis

5of 6
1 Issue Found

3 files scanned on Jan 8, 2026

Issues Detected
No Malicious Patterns
No known malware techniques
Launcher uses PowerShell with -ExecutionPolicy Bypass and -WindowStyle Hidden to execute runasdomainuser.ps1. This enables stealthy execution and potential evasion of security controls, which can be abused for persistence or privilege escalation.
Passed Checks
No Obfuscated Code
No Remote Execution
No Credential Theft
No Data Exfiltration
No Hardcoded Secrets
AI Analysis

The codebase shows potential security concerns related to stealthy PowerShell execution, persistence-like installer behavior, and config-driven command construction. There is no evidence of remote script downloads, credential harvesting, or data exfiltration in the provided snippets. Treat as potentially risky admin tooling: enforce input validation, code signing, least privilege execution, and avoid bypassing PowerShell security policies.

Screenshots1 / 2

Swipe to see more

You might also like

PS Script

Intune Make Enrollment User Admin

This Intune-deployable script elevates the enrollment user to a local administrator on Windows devices. Packaged as an .INTUNEWIN app, it is deployed through Microsoft Intune to targeted users with install and uninstall commands to grant or revoke admin rights after enrollment. It uses a requirements check for detection and can be reconfigured later, providing an Autopilot-like capability fully managed by Intune.

Niklas RastNiklas Rast
PS Script

IntuneStatefulDeviceFingerprinting

KuShu-Shimon Intune Stateful Device Fingerprinting (ISDF) provides a tamper-resistant device fingerprint for enrolled Windows devices, enforced via Intune Custom Compliance and DPAPI-encrypted baselines. In Cloud mode it attests fingerprints to Entra ID through APIM and a Logic App to enable trusted device filters, dynamic groups, and stronger Conditional Access policies. The solution collects on-device signals, stores encrypted baselines, self-heals missing keys, and reports ISDF booleans for compliant state.

Graham HildGraham Hild
Desktop App

Microsoft Team Rooms Wallpaper package wrapper

A Microsoft Intune wrapper that enables deploying a custom wallpaper to Microsoft Teams Rooms devices via a PowerShell installer. It packages a wallpaper into an .INTUNEWIN package, supports install and uninstall commands, and uses registry-based detection to verify the deployed version. It also generates logs under the Intune Management Extension folder for troubleshooting, with a configurable company name for branding.

Niklas RastNiklas Rast
PowerShell Module

MDEValidator

A PowerShell module for validating Microsoft Defender for Endpoint configurations. Checks service status, real-time protection, cloud protection, ASR rules, network protection, tamper protection, SmartScreen policies, and MDE onboarding status with HTML and console reporting.

Nathan HutchinsonNathan Hutchinson