Windows 7: Run as Administrator

Hello Aragon, and welcome to Seven Forums.

You could run a program without having to type in a password if you run the program while logged in an "administrator" account instead of a "standard" account. Otherwise, no.

Hope this helps,
Shawn

Thanks for the help, I've been having the same problem with Onenote and Windows Desktop Search.

You're most welcome Tonbar, and welcome to Seven Forums.

this is a really good thread, alot of important things people need to know about

This is THE thread for UAC info - I agree. But I want to make sure I fully understand this so bear with me, all.

I have one standard user. She needs to run an installed app called Autobase.exe off a shortcut off the desktop. This app works perfectly in XP Pro, where there are no UAC or permissions issues. We've migrated to Windows 7 Pro with a brand new Acer desktop. I hate to think what you're going to say to me, but...

I created an "Admin" account and used it to set up the various routine apps including AutoBase. We don't use that many frankly - most business is conducted through the browser. Before installing the few apps (like Office, CCleaner etc.) I created the standard user acct called HA017. Office runs fine with no UAC intervention. CCleaner puts up a UAC prompt but allows us to Continue unabated. But Autobase - always generates the propmpt begging for administrator's password. I wish I knew why the difference. Of course we don't want to give away the admin password - for obvious reasons. It permits her too much access to the whole computer in general. OK...

I went through and granted permissions to \users\HA017 to elevate this standard user to full control of the Autobase folder. She still gets the admin password prompt. I pressed further and granted permissions to \users\HA017 on both the shortcut and the target executable and the entire folder plus subfolders. Still wants the admin password. I'd like to halt that behavior.

But if I read Brink's 8/29 reply, I'm hopelessly doomed here! As I read it, I will have to make this standard user an admin and thus spoil all the good security measures that Win 7 provides machine wide. That just doesn't sound right to me! I have the feeling I'm just not reading something right.

Can someone give me a direction to go in, please?

H

Hello Hoib, and welcome to Seven Forums.

You might see if using OPTION THREE in the tutorial to see if you may get lucky and be able to uncheck the Run this program as an administrator box, or try running the program in XP SP3 compatibility mode to see if that may be able to help.

If not, then I do not think that you will be able to allow a standard user to run it.

Thank you for the welcome.

Boy, I don't like that answer!!
I will be going to the site tomorrow so I can try option 3 - I did zero in on that one in this very nice forum.

Late question added: When you do Option 3, do you do it from the admin account or do you do it from the standard user account. On the later scenario, would you do it after assigning admin priveleges to that standard user (then revert back later)?

Larger issue - Big picture question: Do you happen to know exactly, "WHY" is this being imposed in such a brutally frustrating and wholly inefficient and disruptive fashion? If I were developing software and had to accomodate Win 7, I'd surely have to know these rules and plan for them, wouldn't I? As an expert, doesn't it seem to you to be counter-productive: spend all this user time and user effort to broker security only to then have to toss out all security? I understand about having the system be secure - I've fixed dozens of friends and neighbor's computers who got hacked/hijacked. But, as this is my first venture into the world of Win 7, doesn't this brand of "absolutism" seem pretty dumb/lame? And, I have to just wonder what exactly do software authors do now?

So other than option 3, there's no other way around this. May I please ask if you know how programs (again, I'l cite CCleaner for example) set themselves up to run on a standard user account; what are the differences, how are they implemented? Is it in some special way that they're coded?

Makes me want to go to Linux...


Brink - let me ask another question so I can try to sort this out before I go in tomorrow...

If I completely disable UAC (IOW drop that slider all the way to the bottom - forsaking all the so called nice security features and warnings for the needed business application functionality) that disabling action still DOES NOT get around the fact that the standard user has no permission to run this legacy app, right? UAC is simply the messenger - it's really a permissions issue, right? And as such, no matter what I set the permissions to on the folders/shorcuts/executables, it's not going to work! Until the authors of this legacy app create a new Win 7 compatible program, right? It doesn't matter one wit if I installed this with the admin acct - standard users cannot run the app. I doesn't matter in which order the user or app is applied to Windows - standard users do not have priveleges with these legacy apps. I want to understand (because it's so hard to believe we've be painted into a corner...) Running the legacy app in "compatibility mode" should bridge the gap, but for some reason the admin token does not inherit down to the standard user, in this case, right? (See? I've been reading....!)

I'd just like some quick thoughts on this... I do thank you and appreciate the time you spend with us here. It must be a labor of love...

H

Hoib,

Option Three will need to be done on the .exe file from an administrator account.

I think I found an alternative method that may work for what you are wanting. You can use AppLocker in the tutorial below to create a new rule for the Autobase.exe file for the standard user to see it that may be able to let that account run it without having to enter the administrator's password.

AppLocker - Create New Rules

Oh Man! What a find - I can't wait to get in tomorrow give this a try.
I sat around and worried about this all day!!!

Observe that the article says, "A computer running Windows Server 2008 R2, Windows 7 Ultimate, Windows 7 Enterprise, or Windows 7 Professional to create the AppLocker rules. Windows 7 Professional can be used to create the rules, but the rules cannot be enforced on computers running Windows 7 Professional." This again seems to contradict itself because you can't "enforce" on computers running Win 7 Pro. How absolutely wierd.

I'll be sure to report back promptly...

Thanks.

H

That is a bit confusing. I rewrote that part to help make it easier to understand.