Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: UAC bug with runas from command line?

24 Apr 2013   #1
tcshain

Windows 7 Professional x64
 
 
UAC bug with runas from command line?

Hi Folks,

I am experiencing what I believe is a bug with UAC in Windows 7.

I would like to see if anyone can recreate this issue and tell me if it is a bug or is working as expected.

To recreate the issue:

1. Confirm the following local security policy setting is Enabled. Local Policies -> Security Options -> User Account Control: Run all administrators in admin approval mode.

2. Launch a command prompt and open a new elevated command prompt with this command: runas /user:<domain>\<user> cmd.exe

3. Once the new window opens, navigate to your C: directory via My Computer. Once at C: attempt to create a new text document by right click and selecting new. If my suspicion is correct, you will have lost nearly all access to the C: directory.

4. To fix this permission issue, disable the setting mentioned in step 1. Reboot will be required.


Is this working as intended? Is this a bug? I have not come across any thread or document that discusses this issue being caused by the runas command.

I assume the issue is with UAC's admin approval mode, as the disabling admin approval mode appears to resolve the issue.


My System SpecsSystem Spec
.
24 Apr 2013   #2
UsernameIssues

W7 Pro SP1 64bit
 
 

Welcome to the Seven Forums.

Nice first post. It is always good to see steps to reproduce the problem. In this case, you do not need step 2 to be able to see what you are seeing (which is normal).

1) enable policy (which is enabled by default)
2) use Windows (file) Explorer to navigate to the root of the system drive
3) right click > New
(the only option in the default context menu will be Folder)

This is by design because Windows (file) Explorer is running at the medium integrity level. If you start explorer.exe via "run as admin", it will run at the high integrity level and you will have the complete "New" context menu.
My System SpecsSystem Spec
24 Apr 2013   #3
tcshain

Windows 7 Professional x64
 
 

Thanks for the welcome!

Step 2 was necessary for me to produce this issue.

I have domain administrator rights to this machine.
This local policy setting had always been Enabled, and I have always had full access to any portion of my drive, even when I did not elevate windows explorer.

I was testing a few scripts locally and elevated my cmd prompt using the method in step 2. After which my permissions were hosed to the root of C:.

I lost all rights to change any permissions or user accounts on the root folder. Reboot/relog did not help, only changing this policy resolved the issue.

Thanks for the tip to elevate explorer.exe from command line, that will help in a pinch.

However, I shouldn't have to have this setting disabled to make changes as a domain admin correct? Especially if it comes enabled by default as you said, and I've always had access to these functions while logged in as domain admin.
My System SpecsSystem Spec
.

24 Apr 2013   #4
UsernameIssues

W7 Pro SP1 64bit
 
 

So you are saying that after checking step 1 (in your original post) and before step 2, you have a full "New" context menu in the root of the system drive? For you, doing step 2 actually changes that context menu within an exiting Explorer instance?

Using runas from a non-elevated cmd window did not elevate the second cmd window. It too was running at the medium integrity level (according to Process Explorer). Which is what I would expect.
My System SpecsSystem Spec
Reply

 UAC bug with runas from command line?




Thread Tools




Similar help and support threads
Thread Forum
Command Line - Help
Hi Guy's and Girls, Just first off I've never been too good with CMD and only an Apprentice in my company I work for. Now something I've wanted to do for awhile was to make the following but I don't necassirealy I know how to do this in one batch file: I would need a Batch file that is...
General Discussion
Command line csc not working.
I am trying to use csc.exe from the command prompt to run a program called c:\code\helloworld.cs. I know the program works as I tested it using 'compile online dot com'. When I run csc, I get the following error (see jpg). How may I solve this problem, please? When I set the 'Path' to the...
General Discussion
Gpedit via command line
how can I enable disable a policy using gpedit! Not via the GUI, you go do some clicks and enable. But I want to execute one shot command which will say disable AutoRun. I have searched exenstively, no results. I kind need this for my automation stuff. Thanks, Akshay
Performance & Maintenance
How to run a command line utility?
Hi, I am trying to run a command line prompt utility from Microsoft on windows 7. Sure I am doing something wrong, after I click the downloaded .exe file the command prompt pops up briefly then disappears. Can someone explain the basics of running a command line utility on win7? Thanks! ...
General Discussion
Command Line
Is there a cmd.exe /switch for “run as administrator” ? Thanks-
General Discussion
Can you boot from the command line?
This is an off topic thread because it concerns WinXP/2000 dual boot machine which are not booting. I can get to the Windows\ and Winnt command line of each but trying to figure out if I can boot from there. If I try to boot regularly I get "missing operating system" Im trying the Windows 2000...
Chillout Room


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 05:12.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App