Run program as non-Admin

I am running;
Code:
     _x64: 1
   _admin: 1
_elevated: 1

TCC  24.02.49 x64   Windows 10 [Version 10.0.18362.116]
I have a program which does not work properly when run as Admin, and displays the message "does not support the option "Run As Administrator".

I have the program pinned to the Windows TaskBar, and launch it from there, and it works, since it is not being launched via Administrator. Ditto if I launch it via the start menu.

I prefer to start my programs from the command line, so I have been using the RunFromProcess utility to launch this program non-Admin from the command line via a .BTM;
Code:
@setlocal
@echo off
cdd "C:\Program Files (x86)\Quicken"
runfromprocess-x64.exe explorer.exe %@truename[qw.exe]
endlocal
This works as it should.

I was looking for another method to run the program non-Admin without the use of a third-party tool, and discovered that I can create a Scheduled Task, which I can then launch via a .BTM;
Code:
@setlocal
@echo off
schtasks /run /tn RunQuicken
endlocal
Both of these methods also work from CMD.EXE, but if there is a TCC solution, please advise.

Joe
 
May 20, 2008
9,445
64
Syracuse, NY, USA
Did you try this?
Code:
runas /trustlevel:0x20000 program
When I start TCC that way from an elevated TCC, the new TCC reports _ELEVATED=1 but, practically speakinng, it's not elevated; it can't do the things an elevated TCC can do.
 
Did you try this?
Code:
runas /trustlevel:0x20000 program
When I try;
Code:
runas /trustlevel:0x20000 qw.exe
...it runs the program, but gives me the "does not support the option "Run As Administrator".

Code:
     _x64: 1
   _admin: 1
_elevated: 1

TCC  24.02.49 x64   Windows 10 [Version 10.0.18362.116]
Ditto when I run it under CMD.EXE from TCMD.

It works if I use your solution from CMD.EXE or TCC.EXE that was launched from the start menu, which is expected.
Code:
     _x64: 1
   _admin: 1
_elevated: 0

TCC  24.02.49 x64   Windows 10 [Version 10.0.18362.116]
Joe
 
May 20, 2008
9,445
64
Syracuse, NY, USA
Using RUNAS.EXE in this fashion in an elevated TCC
Code:
runas /user:%_winuser program
will start a TCC which reports _ELEVATED=0. It requires a password, though. That can be done with KEYSTACK, but it will require hard-coding the password somewhere.
 
May 20, 2008
9,445
64
Syracuse, NY, USA
I don't fully understand this "elevated" thing. "Runas /trustlevel:0x20000" from an elevated app starts a program which TaskMgr says is elevated but which can't do anything (I have tried several things) that requires elevation. Clearly, being "elevated", whatever it means, does not mean an app has the privileges it would have if you started it from Explorer with RunAsAdministrator.
 
Using RUNAS.EXE in this fashion in an elevated TCC
Code:
runas /user:%_winuser program
will start a TCC which reports _ELEVATED=0. It requires a password, though. That can be done with KEYSTACK, but it will require hard-coding the password somewhere.
Thankyou @vefatica

I had to quote _winuser, due to the space;
Code:
c:\program files (x86)\quicken>runas "/user:%_winuser" qw.exe
Enter the password for Joe Caverly:
Attempting to start qw.exe as user "DESKTOP-H2JFFTF\Joe Caverly" ...
...and that does work, although I'm not too keen on having the password hard coded.

Joe
 
Aug 3, 2016
375
9
Netherlands
As Explorer (the shell) can only run with the credentials of the - unelevated - logged on user (*), you can simply let Explorer run your program, even when started from an elevated CMD:

Code:
explorer notepad.exe
Some caveats:
- you need to add the file extension.
- when started this way, Explorer doesn't honor App Path settings.



(*) On OS > WinXP
 
May 20, 2008
9,445
64
Syracuse, NY, USA
Interesting, Maarten. Where did you learn that?

Actually, here, "explorer notepad.exe" opens my Documents folder. "Explorer c:\windows\system32\notepad.exe" starts notepad.
 
Aug 23, 2010
390
5
Why your TCC runs elevated to begin with?
It seems you've created a problem for yourself that you want us to solve.
Just fix your TCC already.

Also, what this topic does in CMD forum?
 
Aug 23, 2010
390
5
As Explorer (the shell) can only run with the credentials of the - unelevated - logged on user (*), you can simply let Explorer run your program
Got a moment to confirm this claim. This works even if Explorer is not the current Windows shell.
And for the source: many trojans like to install themselves in autorun thorough the shell launch registry entry.