Latest posts by Michael Pietroforte (see all)
- Result of the 4sysops 2016 topic poll - Tue, Apr 5 2016
- New free eBooks for SysAdmins and DevOps – VMware NSX, Windows 10, SQL Server 2016 - Mon, Mar 14 2016
- Introducing the 4sysops IT pro network - Tue, Mar 1 2016
Only if you see this pop-up an app will use a user’s full administrator access token. If you don’t get this UAC prompt that means the application won’t run with Administrator privileges even if you logged on as a user belonging to the Administrator group. Vista does this automatically for UAC compliant tools. However, with legacy applications Vista often fails to detect if Administrator privileges are required. Please, read my post about elevated applications in Windows Vista for more details. In those cases where Vista’s detection mechanism fails, you have to make sure by yourself that an app will run with the required rights.
If you want to play with this elevation thing, you can create a batch file which copies a file to C:\Windows. Only if you start this batch file as an elevated application will it be able to copy the file to its destination. So far I know eight ways to elevate an application that would run it with Administrator privileges:
1. Run as administrator ^
You can just right click on the tool and select “Run as administrator”. This is not very convenient, if you have to do this with all administration tools you use daily.
2. CTRL+SHIFT+ENTER ^
Another way is to hit the Windows key, type in the name of the program, and then start it with CTRL+SHIFT+ENTER.
3. Marking the application with “Run this program as Administrator” ^
You can mark the tools needing Administrator privileges: Open file properties, go to Compatibility, and select the “Run this program as Administrator” check box.
4. Command Prompt ^
You can also start an applications at an elevated execution level from an elevated command prompt. In this case, the UAC pop-up doesn’t even bug you.
5. Start the application from another elevated application ^
You can try this with the Windows Task Manager. Go to C:\Windows\System32 using the Windows Explorer and right click on taskmgr.exe. Select “Run as administrator”. Since the Task Manager is now running as an elevated application, you can start any other app with Administrator rights with it. Click on “File” in the Menu and then select “New Task (Run…)”
6. Use Group Policy or the Windows Registry to mark applications ^
This option is useful if you want to mark applications with a requested execution level for the whole Windows Domain. For this you have to create a registry entry under
The value of this entry has to be RUNASADMIN. If you want to use Group Policy to mark one or multiple apps this way, you have to create your own ADMX file.
7. Manifest file ^
I’ve read on several sites that it is possible to automatically start an application at an elevated level, if there is a so-called manifest file in the same folder. I tried it with some legacy applications, but it didn’t work. I didn’t try too long, though. I suppose, this is not a feasible option for sys admins, anyway.
Update: I found another way to elevate a Vista application: You have to add a task to the Task Scheduler and configure it to “run with highest privileges”. Then you create a shortcut on your desktop referring to this task. SeanDaniel.com has a detailed description.
Unfortunately, most of the ways described here won’t prevent these UAC pop-ups from getting on your nerves (Microsoft calls this “Secure Desktop Prompting”). In a future post I will show you how to get rid of them, and why this will improve security.