In a previous blog post, I discussed a method for allowing standard users to run programs with admin rights. While the solution proposed in that article relied on saved admin credentials, it posed a significant security risk.
In this article, I present an alternative approach that is both easy to implement and more secure. By bypassing User Account Control (UAC), we can grant program execution privileges without compromising system integrity. Read on to learn how to safely bypass UAC and run programs with elevated rights.
Understanding UAC and its Limitations
User Account Control (UAC) is a security mechanism that Windows systems employ to prompt users for administrator credentials when performing certain tasks or running programs requiring system resources. However, not all programs requesting admin credentials actually need them for execution.
In this article, I’ll take the example of the VLC Setup program.
Implementing the Secure Solution
To bypass UAC and run a program with elevated privileges, follow these steps:
1. Create a text file in the same location as the application you wish to run.
2. Open the text file and type the following commands:
set __COMPAT_LAYER=RunAsInvoker start <The_Name_Of_The_Application>
NB: The __COMPAT_LAYER variable is prefixed with two (02) underscore symbols.
3. Save the text file with a .bat extension to create a batch file.
That’s it, now you can run the BAT file, and bypass the UAC.
NB: If you can’t put the BAT file under the same location as the executable, because of the administrator privileges, you can create your BAT file on the desktop and use the following command:
cmd /min /C "set __COMPAT_LAYER=RUNASINVOKER && start "" <PATH_TO_THE_APPLICATION>"
In the above example, I run the “ServerManager.exe” application located under “C:\Program Files\My Report BE\Server“
Important: Pay attention to the quotation marks (“) you put in the command, otherwise the application may not start!
It is crucial to note that while this solution works for most applications and programs, there are a few exceptions where providing administrator credentials remains necessary:
- The application you want to run needs to change system resources.
- The application’s publisher is unverified.
By following the steps outlined in this article, you can safely bypass UAC and run programs with elevated privileges without compromising system security. However, it is essential to exercise caution and only use this method for trusted applications to mitigate potential risks.
Remember to evaluate the necessity of admin rights for each program and consider the source before bypassing UAC. With this improved solution, you can strike a balance between convenience and security when granting elevated privileges to standard users.