Run program as non-Admin

[Joe Caverly]

I am running;

     _x64: 1
   _admin: 1
_elevated: 1

TCC  24.02.49 x64   Windows 10 [Version 10.0.18362.116]

I have a program which does not work properly when run as Admin, and displays the message "does not support the option "Run As Administrator".

I have the program pinned to the Windows TaskBar, and launch it from there, and it works, since it is not being launched via Administrator. Ditto if I launch it via the start menu.

I prefer to start my programs from the command line, so I have been using the RunFromProcess utility to launch this program non-Admin from the command line via a .BTM;

@setlocal
@echo off
cdd "C:\Program Files (x86)\Quicken"
runfromprocess-x64.exe explorer.exe %@truename[qw.exe]
endlocal

This works as it should.

I was looking for another method to run the program non-Admin without the use of a third-party tool, and discovered that I can create a Scheduled Task, which I can then launch via a .BTM;

@setlocal
@echo off
schtasks /run /tn RunQuicken
endlocal

Both of these methods also work from CMD.EXE, but if there is a TCC solution, please advise.

Joe

 

[vefatica]

Did you try this?

runas /trustlevel:0x20000 program

When I start TCC that way from an elevated TCC, the new TCC reports _ELEVATED=1 but, practically speakinng, it's not elevated; it can't do the things an elevated TCC can do.

 

[Joe Caverly]

Did you try this?

runas /trustlevel:0x20000 program

When I try;

runas /trustlevel:0x20000 qw.exe

...it runs the program, but gives me the "does not support the option "Run As Administrator".

     _x64: 1
   _admin: 1
_elevated: 1

TCC  24.02.49 x64   Windows 10 [Version 10.0.18362.116]

Ditto when I run it under CMD.EXE from TCMD.

It works if I use your solution from CMD.EXE or TCC.EXE that was launched from the start menu, which is expected.

     _x64: 1
   _admin: 1
_elevated: 0

TCC  24.02.49 x64   Windows 10 [Version 10.0.18362.116]

Joe

 

[vefatica]

Using RUNAS.EXE in this fashion in an elevated TCC

runas /user:%_winuser program

will start a TCC which reports _ELEVATED=0. It requires a password, though. That can be done with KEYSTACK, but it will require hard-coding the password somewhere.

 

[vefatica]

I don't fully understand this "elevated" thing. "Runas /trustlevel:0x20000" from an elevated app starts a program which TaskMgr says is elevated but which can't do anything (I have tried several things) that requires elevation. Clearly, being "elevated", whatever it means, does not mean an app has the privileges it would have if you started it from Explorer with RunAsAdministrator.

 

[Joe Caverly]

Using RUNAS.EXE in this fashion in an elevated TCC

runas /user:%_winuser program

will start a TCC which reports _ELEVATED=0. It requires a password, though. That can be done with KEYSTACK, but it will require hard-coding the password somewhere.

Thankyou @vefatica

I had to quote _winuser, due to the space;

c:\program files (x86)\quicken>runas "/user:%_winuser" qw.exe
Enter the password for Joe Caverly:
Attempting to start qw.exe as user "DESKTOP-H2JFFTF\Joe Caverly" ...

...and that does work, although I'm not too keen on having the password hard coded.

Joe

 

[MaartenG]

As Explorer (the shell) can only run with the credentials of the - unelevated - logged on user (*), you can simply let Explorer run your program, even when started from an elevated CMD:

explorer notepad.exe

Some caveats:
- you need to add the file extension.
- when started this way, Explorer doesn't honor App Path settings.



(*) On OS > WinXP

 

[vefatica]

Interesting, Maarten. Where did you learn that?

Actually, here, "explorer notepad.exe" opens my Documents folder. "Explorer c:\windows\system32\notepad.exe" starts notepad.

 

[Joe Caverly]

I happened across this site, which goes into detail about explorer;

The Windows Explorer Command Line

Joe

 

[vefatica]

I happened across this site, which goes into detail about explorer;

The Windows Explorer Command Line

Joe

I have seen many such sites. None mention getting explorer to start an EXE with "explorer drive:\path\program.exe". That seems like a good solution to your problem without using RUNAS. Did you try it?

 

[Joe Caverly]

Yepper, I tried it, and it works:

c:\programdata>c2p qw.exe

c:\program files (x86)\quicken>explorer.exe qw.exe

Note that I did not have to use the drive:\path\program.exe option, but instead, changed to the directory first.

Joe

 

[w_krieger]

In the old days, that's what progman.exe did. Provide a window for the app to run.

 

[AnrDaemon]

Why your TCC runs elevated to begin with?
It seems you've created a problem for yourself that you want us to solve.
Just fix your TCC already.

Also, what this topic does in CMD forum?

 

[MaartenG]

Interesting, Maarten. Where did you learn that?

Mainly some creativity with a little basic knowledge. Haven't read anything about it anywhere.
So no source. Sorry.

 

[AnrDaemon]

As Explorer (the shell) can only run with the credentials of the - unelevated - logged on user (*), you can simply let Explorer run your program

Got a moment to confirm this claim. This works even if Explorer is not the current Windows shell.
And for the source: many trojans like to install themselves in autorun thorough the shell launch registry entry.