The problematic
Some programs and applications need to be run with admin privileges. In this particular case, a standard user with limited privileges, will not be able to run this program.
I was facing this situation a few days ago, to allow standard users to run a corporate application that needs to be started with admin rights.
So, how can you allow a standard user to run this kind of program without giving him a full administration rights on the computer?
What I’ve tested
I found some posts that suggest the following solution:
- Create a local username with admin rights;
- In the user session, create an application shortcut on the desktop;
- On the Shortcut properties, click the shortcut panel and enter the following runas command, in the “Target” field: runas.exe /user:Local_HostName\Local_admin_Account /savecred “C:\MyApplication_Path\MyApplication.exe”
So I did that and nothing happens. the application didn’t launch!
So I typed this command on the command line window, and here is the result:
The error states that the requested operation requires elevation! Yet, the user I used to run the program belongs to the local Administrators group!
Then I did another test; I run the command using the Builtin local administrator account, and it worked!
I can’t use the built-in administrator account to run the application. As recommended by Microsoft security best practices, the built-in administrator account should be disabled to prevent pass-the-hash and other credential theft attacks.
The Workaround
The Workaround was, to first run a command prompt as an administrator user, then from there, run the application.
Here is the full command I used:
runas.exe /user:Local_HostName\Local_admin_Account /savecred "cmd /C """C:\MyApplication_Path\MyApplication.exe"""
After entering the password for zine’s user, which is part of the local administrators’ group, the application launched properly.
Note that you just enter the administrator password once; the /savecred parameter will record used credentials for future uses.
To manage the saved credentials:
open the control panel
Click User Accounts, then on “Manage Windows Credentials“
Please leave a comment below and share this article on your preferred social media platform, so that other persons can benefit.
Pingback: How To Run Program Without Admin Rights on Windows 10,11 - ZineTek
I am looking for the same answer. Would be nice if the box didn’t pop up.
the fix worked, but the command leaves behind a black box that we can’t seem to get to get to go away. Any input on how we could get that box to stop popping up? We are deploying an app to a place where that box may raise questions.