Some programs and applications need to be run with admin privileges. In this particular case, a standard user with limited privileges, will not be able to run this program.
I was facing this situation a few days ago, to allow standard users to run a corporate application that needs to be started with admin rights.
So, how can you allow a standard user to run this kind of program without giving him a full administration rights on the computer?
What I’ve tested
I found some posts that suggest the following solution:
- Create a local username with admin rights;
- In the user session, create an application shortcut on the desktop;
- On the Shortcut properties, click the shortcut panel and enter the following runas command, in the “Target” field: runas.exe /user:Local_HostName\Local_admin_Account /savecred “C:\MyApplication_Path\MyApplication.exe”
So I did that and nothing happens. the application didn’t launch!
So I typed this command on the command line window, and here is the result:
The error states that the requested operation requires elevation! Yet, the user I used to run the program belongs to the local Administrators group!
Then I did another test; I run the command using the Builtin local administrator account, and it worked!
I can’t use the built-in administrator account to run the application. As recommended by Microsoft security best practices, the built-in administrator account should be disabled to prevent pass-the-hash and other credential theft attacks.
The Workaround was, to first run a command prompt as an administrator user, then from there, run the application.
Here is the full command I used:
runas.exe /user:Local_HostName\Local_admin_Account /savecred "cmd /C """C:\MyApplication_Path\MyApplication.exe"""
After entering the password for zine’s user, which is part of the local administrators’ group, the application launched properly.
Note that you just enter the administrator password once; the /savecred parameter will record used credentials for future uses.
To manage the saved credentials:
open the control panel
Click User Accounts, then on “Manage Windows Credentials“
Please leave a comment below and share this article on your preferred social media platform, so that other persons can benefit.