I was running up against a strange error message while trying to use Windows’ RUNAS command to run VBScript as a different user. In my case, the different account was an administrative account, and the box had never been logged into with that account.
The error message, which appeared when I submitted the correct password for the account:
RUNAS ERROR: Unable to run – notepad.exe
1327: Logon failure: user account restriction. Possible reasons are blank passwords not allowed, logon hour restrictions, or a policy restriction has been enforced.
It’s a tricky error message, because submitting a blank password for a user with a password will return a different error (see below). Some Googling around revealed that error 1327 may be due to an expired password on an otherwise valid account, or the user has no password set (runas requires a password).
Compare it to the error that comes from actually submitting a blank password:
RUNAS ERROR: Unable to run – notepad.exe
1326: Logon failure: unknown user name or bad password.
Error 1326 is likely caused by trying invoke runas for a non-existent user, or an incorrect password was provided for a valid user.
As it turns out, the password for the account I was trying to use had expired, although I was able to continue using it with runas on another box without issue. I RDP’d onto the machine where I was having the problems and changed the password when prompted. Once the password was changed, I logged back in as my normal user account and was able to use runas with the administrative account.