ok, runnas version 1.8 is now available ... this new release supports substituting "tokens" on the command line ... it works like this:

1) Create a token file that starts notepad - the filename is a token:

> runnas "notepad.exe <p1>" /user:joe /pass:xxx /tok:notepad.tok

2) Run the tokenfile and replace <p1> at runtime:

> runnas notepad.tok /p1:file1.txt

Note: If you tokenize part of the executable path, and you want a /crc check, then you must at least provide that token on the command line (/crc needs to locate the file).

I'm not sure how much of a security risk this adds - much would depend on what kind of command line you crafted, and specifically what you tokenize - if anyone wants to "discover" possible spoofing scenarios, please post your example command lines.