I'm testing on XP SP2, but we've got 2000 SP4 out there as well. The 98 machines I just ignore, hoping they'll fall into a pit somewhere. Most of our user base are set as Power Users, so everything we'd need to use runnas would almost always require local admin to execute.

Here's the line I'm currently using that executes great, but in this sample I'm not trying to pipe the stdout anywhere, but because I have to do a "net localgroup" for every entry in the local administrators group, I've got 4 lines, each of which pops a dos window up, although it closes quickly. I put the Runnas.exe command in it's own function called RunAs($TargetApp) so I could shorten main line that calls it. Forgive the chr() commands... old VB habit and I have a few helpdesk techs that could be editing these scripts down the road and the multiple quote characters would probably throw them, and they'd leave out a triple-quote somewhere.

RunAs("net localgroup " + Chr(34) + "Administrators" + Chr(34) + " " + Chr(34) + "domain\domain admins" + Chr(34) + " /add")
RunAs("net localgroup " + Chr(34) + "Administrators" + Chr(34) + " " + Chr(34) + "domain\integrators" + Chr(34) + " /add")
RunAs("net localgroup " + Chr(34) + "Administrators" + Chr(34) + " " + Chr(34) + "domain\schoolsmca" + Chr(34) + " /add")
RunAs("net localgroup " + Chr(34) + "Administrators" + Chr(34) + " " + Chr(34) + "domain\trfcmca" + Chr(34) + " /add")
Function RunAs($TargetApp)
Shell "%COMSPEC% /c runnas.exe /user:adminuserid " + Chr(34) + $TargetApp + Chr(34) + " /password:adminpassword"

Normally, in ScriptLogic's app launcher we'd call a batch file that sits in the netlogon folder that has several things in it pertaining to these "net localgroup" commands and a few other cacls folder permission setting entries, so if I could call the batch file on one line, all the better. This was actually the way I first started trying to do it, by executing the teacher.bat file using Runnas.exe, but because the results dos window would appear every time displaying the "net localgroup" errors, I switched to the method above since it as least hide the failed "net localgroup" messages. I've tried adding a " > NUL" to each line in the batch file, which does hide successful commmand results, but any failed commands that error out show up in the popup dos window.

I just played around with Howard Bullock's GrpMaint tool which I'm thinking may be easier to use by passing a member file to it. Then it just logs failed group membership additions and doesn't fly em across the screen like the command prompt method does.