Elevated Program Shortcut without UAC Prompt Any User is able to Run

matteoautomata

New member
I am trying to make a shortcut to launch a program with admin privileges, with User Account Control (UAC) enabled, from a regular user account.

I had previously used 'runas' to launch a program with admin privileges from a regular user account using a similar method in the "How to Create an Elevated Program Shortcut Any User is able to Run" tutorial to create an elevated shortcut. In my case I am launching Process Explorer as an admin user from a regular user account. I had created a batch file with the command, then created a shortcut to the batch file, although the method in the tutorial where the entire command is just written out as the shortcut target is much simpler.

The 'runas' command used to work fine with UAC turned OFF. However it does NOT work with UAC turned ON. I'm not sure why. If I turn UAC off, it works. But if UAC is turned on, even though the application (Process Explorer) is launched with the admin user account, for system processes it shows <access denied> and no network and no disk information. I have verified the command launches as the admin user, since the admin user account username is listed next to the process, and the name of the admin user account is shown in brackets in the title bar of the application.

Interestingly, I also tried the Sysinternals 'ShellRunas' utility, which also did NOT work with UAC turned ON. I registered the context menu entry, then I right clicked to select "Run as different user...", and then entered the admin user account credentials, but the application doesn't seem to have the correct permissions either, showing <access denied> for system processes and no disk/network info, even though it says it is running under the admin user account.



If I right click on the application and choose the "Run as administrator" option (with the little yellow and blue shield), a "User Account Control" dialog pops up, and asks me to enter credentials. I can enter in the admin user account credentials, and then everything works fine with the application permissions.

I don't really want to have to right click, "Run as administrator", and type in a password every time for certain trusted applications that I use frequently.



So I created a scheduled task following the "Elevated Program Shortcut without UAC Prompt" tutorial trying a few different options and created a shortcut to launch that task: (schtasks /run /tn "ProcessExplorer")

'runas' launching app => still get access denied error: (%windir%\System32\runas.exe /user:DOMAIN\AdminUsername /savecred "D:\Downloads\Windows Utilities\Process Explorer\procexp.exe")

'cmd' launching 'runas' launching app => still get access denied error: (%windir%\System32\cmd.exe /c start C:\Windows\System32\runas.exe /user:DOMAIN\AdminUsername /savecred "D:\Downloads\Windows Utilities\Process Explorer\procexp.exe")

'cmd' launching app, with "Task Scheduler" "Security Options" to use admin user account whether or not user is logged on => did not launch (%windir%\System32\cmd.exe /c start "ProcessExplorer" "D:\Downloads\Windows Utilities\Process Explorer\procexp.exe")



I realize the warning in the tutorial states the method described will only work with an administrator account, although I thought there might be a workaround. I don't want to be logged in as an administrator all the time, and don't want to disable User Account Control, but would like to run certain trusted applications with admin privileges as a standard user. I know I can right click and 'Run as administrator' every time and enter credentials to launch the app with admin privileges, but I thought there might be an easier way.
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
custom build
OS
Windows 7 Professional x64
CPU
AMD Phenom II X6 1090T 3.20GHz CPU
Motherboard
Gigabyte GA-890FXA-UD7 AM3 rev2.0
Memory
8.0GB DDR3 1333MHz (PC3-10666) SDRAM
Graphics Card(s)
2x XFX Radeon HD 5870 1GB CrossFire
Monitor(s) Displays
Samsung 2253LW Monitor
Hard Drives
Corsair Force GT 240GB SATA 3 6.0Gb/s SSD
PSU
Thermaltake TR2 TRX-1200M 1200W PSU
Case
CoolerMaster HAF 932 ATX Full Tower
Cooling
XIGMATEK Aegir SD128264 CPU Cooler
Keyboard
Microsoft Sculpt Ergonomic Keyboard
Mouse
Logitech M570 Wireless Trackball
Internet Speed
AT&T U-verse Max Turbo (30Mb/s down, 2Mb/s up)
Antivirus
ESET Smart Security
Browser
Google Chrome
Other Info
ASUS RT-AC66U Router
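
The symptom in the post above (the program runs under the admin account, yet system processes show <access denied>) is consistent with a process holding UAC's filtered token for an administrator account rather than the elevated one. As an added diagnostic example, not part of the original post, the PowerShell function below (its name and the sample rows are constructed here) reads `whoami /groups /fo csv` and reports the token's integrity level and whether the Administrators group is deny-only.

```powershell
# Added example (not from the thread): summarise the UAC state of a token.
function Get-TokenElevationSummary {
    param(
        # CSV lines in the shape printed by: whoami /groups /fo csv
        [string[]]$GroupsCsv = (whoami /groups /fo csv)
    )

    # Skip the header row (it is localized) and apply fixed column names.
    $rows = $GroupsCsv | Select-Object -Skip 1 |
        ConvertFrom-Csv -Header Name, Type, Sid, Attributes

    # Well-known mandatory integrity label SIDs.
    $levels = @{
        'S-1-16-4096'  = 'Low'
        'S-1-16-8192'  = 'Medium'
        'S-1-16-12288' = 'High'
        'S-1-16-16384' = 'System'
    }

    $label  = $rows | Where-Object { $_.Sid -and $levels.ContainsKey($_.Sid) } |
        Select-Object -First 1
    # S-1-5-32-544 is BUILTIN\Administrators.
    $admins = $rows | Where-Object { $_.Sid -eq 'S-1-5-32-544' } |
        Select-Object -First 1

    $integrity = 'Unknown'
    if ($label) { $integrity = $levels[$label.Sid] }

    # English attribute text (assumption: English-language Windows).
    # On a filtered token the group is present but used for deny checks only.
    $denyOnly = [bool]($admins -and $admins.Attributes -like '*deny only*')

    New-Object PSObject -Property @{
        Integrity        = $integrity
        InAdministrators = [bool]$admins
        AdminsDenyOnly   = $denyOnly
        Elevated         = (@('High', 'System') -contains $integrity)
    }
}

# Constructed sample: filtered (non-elevated) token of an administrator account.
$sample = @(
    '"Group Name","Type","SID","Attributes"'
    '"BUILTIN\Administrators","Alias","S-1-5-32-544","Group used for deny only"'
    '"Mandatory Label\Medium Mandatory Level","Label","S-1-16-8192",""'
)
Get-TokenElevationSummary -GroupsCsv $sample   # constructed sample rows
Get-TokenElevationSummary                      # token of the current console
```

To compare launch methods, run the last line from a console started each way (via `runas`, via the scheduled task, via "Run as administrator") and compare the `Integrity` and `AdminsDenyOnly` values.
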
Maybe a dumb question, but did you change the password for the admin account after you created the runas shortcut?
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
home built
OS
Multi-Boot W7_Pro_x64 W8.1_Pro_x64 W10_Pro_x64 +Linux_VMs +Chromium_VM
CPU
AMD Athlon II x4 620
Motherboard
Gigabyte GA-MA785G-UD3H
Memory
6GB GSkill DDR2 800
Graphics Card(s)
AMD 4670 GPU + AMD 4200 IGP
Sound Card
on board Realtek ALC889A
Monitor(s) Displays
RCA 40" LCD TV, Insignia 32" LCD TV, HP 15" LCD monitor
Screen Resolution
1680 x 1050
Hard Drives
OCZ Vertex 3 120GB,
Samsung F3 1TB (3),
Several others - WD, Seagate, Hitachi, ...
PSU
Corsair 500 W
Case
Rosewill mid tower
Cooling
CM 90mm rifle
Keyboard
Gyration wireless, Logitech wireless, Dell USB wired
Mouse
Gyration wireless, Logitech wireless, V7 USB wired
Internet Speed
Spectrum - 100Mbps D / 10Mbps U
Antivirus
Avast, MBAM3, EMET, WinPatrol
Browser
Pale Moon, Firefox, IE
Other Info
2 multi-boot PC's
Mainly HTPC/Office/Gen purpose (no gaming).
Trendnet USB KVM.
LG DVD burner/Blue Ray Player.
Tray system for removable SATA backup drives.

Not currently OCd, under-volted.
I use Hybrid sleep, rarely re-boot or shutdown.

Hauppauge HD-PVR, Avermedia PCIe TV Tuner, Hauppauge PCI TV Tuner.
I didn't change the password after. Usually if I did change the password, the runas command line program will prompt to enter the password. I think that it is because of User Account Control, since when I have User Account Control disabled the runas command will work fine with the saved credentials; however, if User Account Control is enabled the command line runas command does not work. I have just been right clicking and selecting "Run as administrator" with the little blue and yellow shield, which grays out the whole screen and prompts for credentials. I guess the point of User Account Control is to increase security, but it just makes more work for me where I have to type out my username and password every time. I had thought about using an AutoHotkey script to auto fill my password; however, the AutoHotkey scripts don't work on any window that is running as the admin account. Oh well.
 
