
Windows 7: UAC bug with runas from command line?

24 Apr 2013   #1

Windows 7 Professional x64
UAC bug with runas from command line?

Hi Folks,

I am experiencing what I believe is a bug with UAC in Windows 7.

I would like to see if anyone can recreate this issue and tell me if it is a bug or is working as expected.

To recreate the issue:

1. Confirm the following local security policy setting is Enabled. Local Policies -> Security Options -> User Account Control: Run all administrators in admin approval mode.

2. Launch a command prompt and open a new elevated command prompt with this command: runas /user:<domain>\<user> cmd.exe

3. Once the new window opens, navigate to your C: directory via My Computer. Once at C:, attempt to create a new text document by right-clicking and selecting New. If my suspicion is correct, you will have lost nearly all access to the C: directory.

4. To fix this permission issue, disable the setting mentioned in step 1. Reboot will be required.

Is this working as intended? Is this a bug? I have not come across any thread or document that discusses this issue being caused by the runas command.

I assume the issue is with UAC's admin approval mode, as disabling admin approval mode appears to resolve the issue.

24 Apr 2013   #2

W7 Pro SP1 64bit

Welcome to the Seven Forums.

Nice first post. It is always good to see steps to reproduce the problem. In this case, you do not need step 2 to be able to see what you are seeing (which is normal).

1) enable policy (which is enabled by default)
2) use Windows (file) Explorer to navigate to the root of the system drive
3) right click > New
(the only option in the default context menu will be Folder)

This is by design because Windows (file) Explorer is running at the medium integrity level. If you start explorer.exe via "run as admin", it will run at the high integrity level and you will have the complete "New" context menu.
24 Apr 2013   #3

Windows 7 Professional x64

Thanks for the welcome!

Step 2 was necessary for me to produce this issue.

I have domain administrator rights to this machine.
This local policy setting had always been Enabled, and I have always had full access to any portion of my drive, even when I did not elevate windows explorer.

I was testing a few scripts locally and elevated my cmd prompt using the method in step 2. After which my permissions were hosed to the root of C:.

I lost all rights to change any permissions or user accounts on the root folder. Reboot/relog did not help, only changing this policy resolved the issue.

Thanks for the tip to elevate explorer.exe from command line, that will help in a pinch.

However, I shouldn't have to have this setting disabled to make changes as a domain admin, correct? Especially if it comes enabled by default as you said, and I've always had access to these functions while logged in as domain admin.

24 Apr 2013   #4

W7 Pro SP1 64bit

So you are saying that after checking step 1 (in your original post) and before step 2, you have a full "New" context menu in the root of the system drive? For you, doing step 2 actually changes that context menu within an existing Explorer instance?

Using runas from a non-elevated cmd window did not elevate the second cmd window. It too was running at the medium integrity level (according to Process Explorer). Which is what I would expect.
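Added example (not part of any post in this thread): a PowerShell diagnostic for comparing the consoles discussed above. It reports the state of the policy from step 1 and the integrity level and Administrators membership of the console it runs in. The function and property names are made up for this example; it assumes whoami.exe is on the path and uses only PowerShell 2.0 features, as shipped with Windows 7.

```powershell
# Run in each console being compared: a normal prompt, one started with
# "runas /user:<domain>\<user> cmd.exe", and one started via "Run as administrator".

function Get-AdminApprovalModePolicy {
    # EnableLUA is the registry value behind the policy
    # "User Account Control: Run all administrators in Admin Approval Mode".
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $item = Get-ItemProperty -Path $key -Name EnableLUA -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'NotSet' }
    if ($item.EnableLUA -eq 1) { return 'Enabled' }
    return 'Disabled'
}

function Get-TokenSummary {
    # Mandatory label SIDs (S-1-16-<rid>) carry the integrity level of the token.
    $levels = @{
        'S-1-16-4096'  = 'Low'
        'S-1-16-8192'  = 'Medium'
        'S-1-16-12288' = 'High'
        'S-1-16-16384' = 'System'
    }
    # /nh plus our own header names keeps the parse independent of the UI language.
    $groups = whoami /groups /fo csv /nh |
        ConvertFrom-Csv -Header Name, Type, Sid, Attributes

    $label = $groups | Where-Object { $_.Sid -like 'S-1-16-*' } | Select-Object -First 1
    $integrity = 'Unknown'
    if ($label -and $levels.ContainsKey($label.Sid)) { $integrity = $levels[$label.Sid] }

    # BUILTIN\Administrators can be listed in the token yet be deny-only (filtered token).
    $adminListed = [bool]($groups | Where-Object { $_.Sid -eq 'S-1-5-32-544' })
    $identity = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $adminActive = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    New-Object PSObject -Property @{
        User                 = $identity.Name
        AdminApprovalMode    = Get-AdminApprovalModePolicy
        IntegrityLevel       = $integrity
        AdministratorsListed = $adminListed
        AdministratorsActive = $adminActive
    }
}

Get-TokenSummary | Format-List
```

A console showing IntegrityLevel Medium with AdministratorsListed True and AdministratorsActive False is running on the filtered token; High with AdministratorsActive True is an elevated one.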
