Some days ago, I promised to write about the different ways of elevating an application, i.e. to run it with Administrator privileges in Windows Vista. If you use Vista already, you have probably noticed these UAC (User Account Control) prompts. Every time you start an application requiring Administrator rights, UAC will bug you with this message: “Windows needs your permission to continue”.
Only if you see this pop-up an app will use a user’s full administrator access token. If you don’t get this UAC prompt that means the application won’t run with Administrator privileges even if you logged on as a user belonging to the Administrator group. Vista does this automatically for UAC compliant tools. However, with legacy applications Vista often fails to detect if Administrator privileges are required. Please, read my post about elevated applications in Windows Vista for more details. In those cases where Vista’s detection mechanism fails, you have to make sure by yourself that an app will run with the required rights.
If you want to play with this elevation thing, you can create a batch file which copies a file to C:\Windows. Only if you start this batch file as an elevated application will it be able to copy the file to its destination. So far I know eight ways to elevate an application that would run it with Administrator privileges:
1. Run as administrator
You can just right click on the tool and select “Run as administrator”. This is not very convenient, if you have to do this with all administration tools you use daily.
Another way is to hit the Windows key, type in the name of the program, and then start it with CTRL+SHIFT+ENTER.
3. Marking the application with “Run this program as Administrator”
You can mark the tools needing Administrator privileges: Open file properties, go to Compatibility, and select the “Run this program as Administrator” check box.
4. Command Prompt
You can also start an applications at an elevated execution level from an elevated command prompt. In this case, the UAC pop-up doesn’t even bug you.
5. Start the application from another elevated application
You can try this with the Windows Task Manager. Go to C:\Windows\System32 using the Windows Explorer and right click on taskmgr.exe. Select “Run as administrator”. Since the Task Manager is now running as an elevated application, you can start any other app with Administrator rights with it. Click on “File” in the Menu and then select “New Task (Run…)”
6. Use Group Policy or the Windows Registry to mark applications
This option is useful if you want to mark applications with a requested execution level for the whole Windows Domain. For this you have to create a registry entry under
The value of this entry has to be RUNASADMIN. If you want to use Group Policy to mark one or multiple apps this way, you have to create your own ADMX file.
7. Manifest file
I’ve read on several sites that it is possible to automatically start an application at an elevated level, if there is a so-called manifest file in the same folder. I tried it with some legacy applications, but it didn’t work. I didn’t try too long, though. I suppose, this is not a feasible option for sys admins, anyway.
Update: I found another way to elevate a Vista application: You have to add a task to the Task Scheduler and configure it to “run with highest privileges”. Then you create a shortcut on your desktop referring to this task. SeanDaniel.com has a detailed description.
Unfortunately, most of the ways described here won’t prevent these UAC pop-ups from getting on your nerves (Microsoft calls this “Secure Desktop Prompting”). In a future post I will show you how to get rid of them, and why this will improve security.