Vista’s UAC: 7 ways how to elevate an application to run it with Administrator rights

Michael PietroforteMVP By Michael Pietroforte - Wed, December 27, 2006 - 25 comments google+ icon

Michael Pietroforte is the founder and editor of 4sysops. He is a Microsoft Most Valuable Professional (MVP) with more than 30 years of experience in system administration.

Some days ago, I promised to write about the different ways of elevating an application, i.e. to run it with Administrator privileges in Windows Vista. If you use Vista already, you have probably noticed these UAC (User Account Control) prompts. Every time you start an application requiring Administrator rights, UAC will bug you with this message: “Windows needs your permission to continue”.

Only if you see this pop-up an app will use a user’s full administrator access token. If you don’t get this UAC prompt that means the application won’t run with Administrator privileges even if you logged on as a user belonging to the Administrator group. Vista does this automatically for UAC compliant tools. However, with legacy applications Vista often fails to detect if Administrator privileges are required. Please, read my post about elevated applications in Windows Vista for more details. In those cases where Vista’s detection mechanism fails, you have to make sure by yourself that an app will run with the required rights.

If you want to play with this elevation thing, you can create a batch file which copies a file to C:\Windows. Only if you start this batch file as an elevated application will it be able to copy the file to its destination. So far I know eight ways to elevate an application that would run it with Administrator privileges:

1. Run as administrator

You can just right click on the tool and select “Run as administrator”. This is not very convenient, if you have to do this with all administration tools you use daily.

2. CTRL+SHIFT+ENTER

Another way is to hit the Windows key, type in the name of the program, and then start it with CTRL+SHIFT+ENTER.

3. Marking the application with “Run this program as Administrator”

You can mark the tools needing Administrator privileges: Open file properties, go to Compatibility, and select the “Run this program as Administrator” check box.

4. Command Prompt

You can also start an applications at an elevated execution level from an elevated command prompt. In this case, the UAC pop-up doesn’t even bug you.

5. Start the application from another elevated application

You can try this with the Windows Task Manager. Go to C:\Windows\System32 using the Windows Explorer and right click on taskmgr.exe. Select “Run as administrator”. Since the Task Manager is now running as an elevated application, you can start any other app with Administrator rights with it. Click on “File” in the Menu and then select “New Task (Run…)”

6. Use Group Policy or the Windows Registry to mark applications

This option is useful if you want to mark applications with a requested execution level for the whole Windows Domain. For this you have to create a registry entry under

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\<path_to_executable>

The value of this entry has to be RUNASADMIN. If you want to use Group Policy to mark one or multiple apps this way, you have to create your own ADMX file.

7. Manifest file

I’ve read on several sites that it is possible to automatically start an application at an elevated level, if there is a so-called manifest file in the same folder. I tried it with some legacy applications, but it didn’t work. I didn’t try too long, though. I suppose, this is not a feasible option for sys admins, anyway.

Update: I found another way to elevate a Vista application: You have to add a task to the Task Scheduler and configure it to “run with highest privileges”. Then you create a shortcut on your desktop referring to this task. SeanDaniel.com has a detailed description.

Unfortunately, most of the ways described here won’t prevent these UAC pop-ups from getting on your nerves (Microsoft calls this “Secure Desktop Prompting”). In a future post I will show you how to get rid of them, and why this will improve security.

-1+1 (+1 rating, 1 votes)
Loading ... Loading ...
Disclaimer
Your question wasn't answered? Please ask in the new 4sysops forum!

25 Comments- Leave a Reply

  1. James says:

    I’m suprised there is not an executable similar to “runas”.

    IE i would like to be able to do this;

    UAC /run: c:\temp\myapp.exe

    This would then cause the UAC dialog to appear and then run my app.

  2. Maria says:

    It’s really a headache trying to run Explorer.exe in Administrative mode… I can’t even create a new file in the normal user mode!

  3. Jeff says:

    I need to deploy an app that modifies the install dir under Program Files.

    Is there an automated way to configure a shortcut to run it’s application in admin mode?

  4. Angel says:

    None of those applications worked for me..Everytime I tired to run it under adm.’s privilege it just restarted my computer

  5. Michael Pietroforte Michael says:

    Angel, I suppose your application is just not Vista ready.

  6. Ancat says:

    I log in as a standard user but now want to edit a file in the global Program Files folder. I cannot save after edit because I will not have the right. Is there anyway to open the file with elevated privileges? Or elevate this user to Admin rights for sometime..

  7. Michael Pietroforte Michael says:

    Ancat, you have to open this file with an elevated editor such as notepad first. So right click on notepad, navigate to “Run as administrator” and then enter the password for one of the admins that UAC displays. Now you can edit files in the Program Files folder with this instance of notepad.

  8. srinivas says:

    wonderful step ! Really appreciate.. Registry edit worked well.

  9. yuval says:

    I’ve edited the “layers” reg key and it does affect the check box in the Compatibility tab of the file. But it didn’t act the same as if I modified the checkbox in that tab.
    Probably something else is still requiered besides adding RUNASADMIN to this regkey.
    Any idea ?

    Yuval.

  10. nn says:

    I’d like to run a program without granting it administrative rights. The program was written for XP. Vista marks the program with shield icon and asks for elevated rights in order to run it, but I actually I don’t want to provide the elevated rights. I understand that with administrative credentials the program will not be 100% functional under Vista, but I’m fine with it. I prefer to run it with limited functionality instead of not running it at all, or running it as an admin.

  11. Jamie says:

    What I found for VB 6 legacy applications and the UAC is to create an installer and allow the dll’s and ocx files that did not ship with Vista to install to a common file folder. Vista then copies it over to the system 32 folder and registers them properly with the UAC intact. Since I use access as a backend database it does copy the database to the virtual store so I had to caution users to delete that file but not the folder.
    So far the common file folder helped me alot. I noticed that anything that says setup.exe also prompts for the elevated permsissions level. But setup.exe is too generic for most people to use.

  12. [...] Llevaba tiempo buscando algo parecido a esto y por fin he encontrado esta aplicación. Todo administrador tarde o temprano se enfrenta con el problema de habilitar temporalmente o puntualmente a un usuario para que pueda realizar una función de administrador o instalar algún programa / parche. No nos equivoquemos , nada es comparable al fantástico “sudo” de Linux, pero esta aplicación nos puede ayudar bastante. Funciona de la siguiente manera, primero tenemos que rellenar todos los datos del administrador, el comando a ejecutar y un directorio. Steel Run As crea un fichero ejecutable que el usuario podrá ejecutar, con todos los privilegios del administrador (nota, si tienes la UAC habilitada en Vista, en XP no tendrás este problema, tendrás que elevarla, para saber como pulsa aquí). [...]

  13. farrel says:

    i have try the 3 and 4 mehod to run a rosetta stone dvd on my laptop o/s vista.

  14. You can use Elevate as well. This works quite well.

    http://www.wintellect.com/CS/blogs/jrobbins/archive/2007/03/27/elevate-a-process-at-the-command-line-in-vista.aspx

    Wayne Leiser, CTO
    Spectacular Computer Repair
    http://www.scrfix.com
    941.923.6280
    Mon – Thu 11am – 7pm EST
    Fri – Sat 11am – 3pm EST

  15. Allan Sutton says:

    Trying to load in files for applications such as video cameras is a nightmare. I’m sorely tempted to bin Vista and go back to good old reliable XP. Does anyone else feel the same?

  16. Digitizer says:

    You may use this sudo.exe app (thanks linux) to run any program elevated.
    This is a few lines in C++ but works fine for me

  17. Rob Mahn says:

    Item 4 in the document is obscured by an advertisement that cannot be moved.

  18. Carolina says:

    I’m developing a VB6 application and I had to ask each final user to right-click on the shortcut, press Properties, go to Compatibility tab and mark “Run as administrator” check box. That is the way I found to run my application on Win7 without any problem.

  19. Arun vasanth says:

    Sir,
    The registry work fine in my application, i need to call the application via shell command that needs to run the exe with administrator (copy files to c dir)with out any prompt.
    Thanks a lot
    Bye

  20. Mariem says:

    I use a simple tool elevate.exe on robotronic.de/elevate.html to run applications, cmd or explorer with higher privileges.
    elevate cmd.exe
    elevate explorer.exe

  21. TheThing says:

    I wrote a bat file that creates some vbscript to envoke the usual dialogue asking the user for elevated privileges to continue, and then continues the batch file with admin access. I put an example here. It’s dead simple to do, I hope it helps some… http://jagaroth.livejournal.com/63875.html

  22. arghhvista says:

    ehh… i just want to create a batch to open taskmgr in elevated rights in 1 click and yeah.. first i had to make explorer.exe an elevated process by default. so i took ownership of it of it through many obstacles and then took full control over it and THEN was able to make it an elevated process by default… ugh vista is so fken bad.

  23. arghhvista says:

    oops! im wrong… as it is vista… i need special permissions which are not available to me SO i cant mark it as run as admin…

  24. Wise Quotes says:

    It would never be a wise decision to install Windows Vista. Rather than vista XP would be a wise option. I remember one of the Wise quotes – This is the true joy in life, the being used for a purpose recognized by yourself as a mighty one the being thoroughly worn out before you are thrown on the scrap heap the being a force of Nature instead of a feverish selfish little clod of ailments and grievances complaining that the world will not devote itself to making you Wise.

  25. Wise man says:

    Today windows 07 is available in market. Still this will be a wise decision to opt for an Xp because that was the best operating system till date. I used all of 2003, 2005, Xp, vista and 07 And I think Xp is the best till now and Vista is the worst one. There should be a quote that never purchase vista. There are so many problems with vista. A wise person will opt for 07 today not for vista . Because the troubleshooting is also not good in vista. And today the quotation for windows 07 is very cheap. So for what you are waiting for select the quotation wisely and boom the world.

Please share your thoughts in a comment!

Login

Lost your password?