New
#11
Your English is great. You did describe a task that I assume is a simplified version of the real task. And you are correct, there does not seem to be a native way to impersonate another user (runas) to launch an app at the high integrity level. AutoIt scripts can request an elevation to the high integrity level... but I'm not sure that this would work while impersonating another user.
1) The administrator account that I mentioned is described here:
Built-in Administrator Account - Enable or Disable
2 & 3) If a user is a member of the "Administrators" group...
...they can do somethings without being asked for credentials.
User1 is in the "Administrators" group.
User1 starts notepad.
Notepad runs at the medium integrity level.
(assumes default UAC settings)
User100 is not in the "Administrators" group.
User100 starts notepad.
Notepad runs at the medium integrity level.
(assumes default UAC settings)
User1 starts notepad using "Run as administrator".
User1 answers yes to the UAC prompt.
Notepad runs at the high integrity level.
User100 starts notepad using "Run as administrator".
User100 is prompted for the credentials of one of the user in the "Administrators" group.
If those credentials are correctly entered, notepad runs at the high integrity level.
User1 and user100 can do most of the same things.