How to run a program elevated at startup in a standard account when UAC is enabled

Discussion in 'other security issues & news' started by MrBrian, Aug 26, 2010.

Thread Status:
Not open for further replies.
  1. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    How to run a program elevated at startup in a standard account in Vista or later when UAC is not disabled:

    We'll use a program called RunasSpc.

    1. Log into a standard account and download RunasSpc.
    2. Log into the admin account in which you want to run the program elevated when in the standard account.
    3. In Windows Explorer, right-click on the program's .exe (the one that you want to run elevated), right-click Properties, go to Compatibility tab, and check "Run this program as an administrator."
    4. Unzip RunasSpc and move the unzipped RunasSpc folder to its desired permanent location, such as within Program Files.
    5. Run runasspcadmin.exe. Provide credentials for the admin account in the Username and Password fields. In the 'Path\Application.exe' field, provide the path to the program that you wish to run elevated. Click command 'Save Cryptfile'. Click 'Test Cryptfile' if you want to test that the program is launched elevated. Exit runasspcadmin. Move the saved .spc file to the desired location, perhaps to the same folder where the program to launch elevated is located.
    6. Log into the standard account to use.
    7. In Windows Explorer, go to the folder where the standard user's Startup folder is located. You can find this folder by right-clicking on Startup in the start menu and then choosing Properties. Right-click and choose New->Shortcut. In the Target field, enter "path of runasspc.exe" "path of cryptfile generated in step 5" /quiet. Replace the items in italics with the appropriate information.
    8. Test by logging out and then back into the standard account. You should get a UAC prompt for the launching of the program, but no credentials will be asked for. The program should now be running elevated.
     
  2. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Is there a known way to do this natively, without the use of task scheduler, which I always disable? I looked a little, but found nothing. Have your travels revealed anything?

    Sul.
     
  3. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Not that I know of. In fact, the task scheduler technique works only in an admin account.
     
  4. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    I've noticed that sometimes the program to run elevated at startup doesn't launch. Here are instructions that may help to eliminate or reduce the incidence of the issue:

    We'll use a program called RunasSpc.

    1. Log into a standard account and download RunasSpc.
    2. Log into the admin account in which you want to run the program elevated when in the standard account.
    3. In Windows Explorer, right-click on the program's .exe (the one that you want to run elevated), right-click Properties, go to Compatibility tab, and check "Run this program as an administrator."
    4. Unzip RunasSpc and move the unzipped RunasSpc folder to its desired permanent location, such as within Program Files.
    5. Run runasspcadmin.exe elevated. Provide credentials for the admin account that you're currently using in the Username and Password fields. In the 'Path\Application.exe' field, provide the path to the program that you wish to run elevated. Click command 'Save Cryptfile'. Click 'Test Cryptfile' if you want to test that the program is launched elevated. Exit runasspcadmin. By default, the cryptfile is placed in the same folder where the program to launch elevated is located. You can move it elsewhere if desired.
    6. Run Task Scheduler. Click 'Create Task'. Give the task an appropriate name. Click 'Change User or Group' and specify the name of the standard account to use. Click the 'Triggers' tab. Create a new trigger that runs 'At log on' for the standard account to use. Delay the task for perhaps '15 seconds'. On the 'Actions' tab, create a new action to 'Start a program'. In 'Program/script' type "path of runasspc.exe". In 'Add arguments' type /cryptfile:"path of cryptfile generated in step 5" /quiet. Replace the text in italics with the appropriate information. On the 'Conditions' tab, uncheck 'Start the task only if the computer is on AC power'. Click 'OK'.
    7. Test by logging into the standard account. You should get a UAC prompt for the launching of the program, but no credentials will be asked for. The program should now be running elevated.

    You may have to change the delay time in step 6 to a larger value if the program sometimes fails to launch.
     
    Last edited: Sep 15, 2010
  5. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    I noticed that step 7 in the original post is incorrect.
    Incorrect sentence: In the Target field, enter "path of runasspc.exe" "path of cryptfile generated in step 5" /quiet.
    Corrected sentence: In the Target field, enter "path of runasspc.exe" /cryptfile:"path of cryptfile generated in step 5" /quiet.
     
  6. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
Loading...
Thread Status:
Not open for further replies.