Wed 27 Dec 2006
Some days ago, I promised to write about the different ways of elevating an application, i.e. to run it with Administrator privileges in Windows Vista. If you use Vista already, you have probably noticed these UAC (User Account Control) prompts. Every time you start an application requiring Administrator rights, UAC will bug you with this message: “Windows needs your permission to continue”.
Only if you see this pop-up an app will use a user’s full administrator access token. If you don’t get this UAC prompt that means the application won’t run with Administrator privileges even if you logged on as a user belonging to the Administrator group. Vista does this automatically for UAC compliant tools. However, with legacy applications Vista often fails to detect if Administrator privileges are required. Please, read my post about elevated applications in Windows Vista for more details. In those cases where Vista’s detection mechanism fails, you have to make sure by yourself that an app will run with the required rights.
If you want to play with this elevation thing, you can create a batch file which copies a file to C:\Windows. Only if you start this batch file as an elevated application will it be able to copy the file to its destination. So far I know eight ways to elevate an application that would run it with Administrator privileges:
1. Run as administrator
You can just right click on the tool and select “Run as administrator”. This is not very convenient, if you have to do this with all administration tools you use daily.
2. CTRL+SHIFT+ENTER
Another way is to hit the Windows key, type in the name of the program, and then start it with CTRL+SHIFT+ENTER.
3. Marking the application with “Run this program as Administrator”
You can mark the tools needing Administrator privileges: Open file properties, go to Compatibility, and select the “Run this program as Administrator” check box.
5. Command Prompt
You can also start an applications at an elevated execution level from an elevated command prompt. In this case, the UAC pop-up doesn’t even bug you.
6. Start the application from another elevated application
You can try this with the Windows Task Manager. Go to C:\Windows\System32 using the Windows Explorer and right click on taskmgr.exe. Select “Run as administrator”. Since the Task Manager is now running as an elevated application, you can start any other app with Administrator rights with it. Click on “File” in the Menu and then select “New Task (Run…)”
7. Use Group Policy or the Windows Registry to mark applications
This option is useful if you want to mark applications with a requested execution level for the whole Windows Domain. For this you have to create a registry entry under
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\<path_to_executable>
The value of this entry has to be RUNASADMIN. If you want to use Group Policy to mark one or multiple apps this way, you have to create your own ADMX file.
8. Manifest file
I’ve read on several sites that it is possible to automatically start an application at an elevated level, if there is a so-called manifest file in the same folder. I tried it with some legacy applications, but it didn’t work. I didn’t try too long, though. I suppose, this is not a feasible option for sys admins, anyway.
Update: I found a ninth way to elevate a Vista application: You have to add a task to the Task Scheduler and configure it to “run with highest privileges”. Then you create a shortcut on your desktop referring to this task. SeanDaniel.com has a detailed description.
Unfortunately, most of the ways described here won’t prevent these UAC pop-ups from getting on your nerves (Microsoft calls this “Secure Desktop Prompting”). In a future post I will show you how to get rid of them, and why this will improve security.
Newsletter: 
Loading ...
I’m suprised there is not an executable similar to “runas”.
IE i would like to be able to do this;
UAC /run: c:\temp\myapp.exe
This would then cause the UAC dialog to appear and then run my app.
It’s really a headache trying to run Explorer.exe in Administrative mode… I can’t even create a new file in the normal user mode!
I need to deploy an app that modifies the install dir under Program Files.
Is there an automated way to configure a shortcut to run it’s application in admin mode?
None of those applications worked for me..Everytime I tired to run it under adm.’s privilege it just restarted my computer
Angel, I suppose your application is just not Vista ready.
I log in as a standard user but now want to edit a file in the global Program Files folder. I cannot save after edit because I will not have the right. Is there anyway to open the file with elevated privileges? Or elevate this user to Admin rights for sometime..
Ancat, you have to open this file with an elevated editor such as notepad first. So right click on notepad, navigate to “Run as administrator” and then enter the password for one of the admins that UAC displays. Now you can edit files in the Program Files folder with this instance of notepad.
wonderful step ! Really appreciate.. Registry edit worked well.
I’ve edited the “layers” reg key and it does affect the check box in the Compatibility tab of the file. But it didn’t act the same as if I modified the checkbox in that tab.
Probably something else is still requiered besides adding RUNASADMIN to this regkey.
Any idea ?
Yuval.