How to Run Program without Admin Privileges and to Bypass UAC Prompt? | Windows OS Hub

When started, many programs require license natural elevation ( shield on the app icon ), but actually they don ’ t need the administrator privileges for their normal operation. For case, you can manually grant permissions for your users on the app folder in the ProgramFiles and/or register keys used by the program. then when starting such a program under non-admin drug user account, a UAC prompt will appear and the exploiter will be required to enter an administrator password ( if User Account Control is enabled on the computer ). To bypass this mechanism, many users simple disable UAC or grant admin privileges to a drug user by adding a user score to the local anesthetic group “ Administrators ”. Of course, both methods are not safe .

Why some Windows apps not run under standard users and require administrator permissions?

An app may need the administrator privileges to modify some files ( logs, configs, etc. ) in its own booklet in the C : \Program Files ( x86 ) \SomeApp. By default, users don ’ t have edit ( write and modify ) permissions on this directory. In orderliness this program to work normally, the administrator permissions are required. To solve this problem, you have to manually grant the modify and/or write license for a drug user ( or the built-in Users group ) on the app booklet at the NTFS file system level .
assigning edit permissions on folder for regular users
Note. actually, it is not recommended to store the changing application data in its own booklet under C : \Program Files. It ’ randomness better to store the app data in the exploiter profile. But it is a question of laziness and incompetence of the app developers .

How to run a program that requires admin privileges under standard user?

Earlier we described how to disable a UAC prompt for the certain app using RunAsInvoker parameter. however, this method is not flexible adequate .
You can besides use RunAs with the keep open administrator password ( in the Windows Credentials Manager ) using the /SAVECRED choice. It is besides insecure because the drug user can use the keep open administrator credentials password to run any program on this computer .
Let ’ s consider an easier way to force any program to run without administrator privileges ( without entering the admin password ) and with UAC enabled ( Level 4, 3 or 2 of the UAC luger ) .
Let ’ s take the Registry Editor as an example — regedit.exe ( it is located in the C : \Windows\ booklet ). Notice the UAC shield next to the app icon. This icon means that elevation of privileges via UAC will be requested to run this plan .
uac shield next to the app icon on windows10
If you run regedit.exe, you will see a User Account Control window asking for the administrator credentials ( Do you want to allow this app to make changes to your device? ). If you do not provide a password and do not confirm natural elevation, the app won ’ thymine originate .
uac prompts for admin password to run program
Let ’ s test to bypass the UAC request for this program. Create the textbook file run-as-non-admin.bat containing the watch code on your desktop :
cmd /min /C "set __COMPAT_LAYER=RUNASINVOKER && start "" %1"
To force the regedit.exe to run without the administrator privileges and to suppress the UAC prompt, simple drag the EXE file you want to start to this BAT file on the background .
run a program under user with UAC prompt bypass
then the Registry Editor should start without a UAC prompt and without entering an administrator password. If you open the Task Manager and add the Elevated column, you will see that there is the regedit.exe process without the elevated status ( run with non-admin user permissions ) .
task manager not elevated app
Try to edit any parameter in the HKEY_LOCAL_MACHINE register beehive. As you can see, a drug user can not edit the item in this register key ( the exploiter doesn ’ triiodothyronine have write permissions to the system register keys ). But you can add or edit register keys and parameters in your exploiter hive — HKEY_CURRENT_USER .
regedit run as standard user without admin rights
In the like way you can run any app using the BAT file. Just specify the path to the feasible file .
run-app-as-non-admin.bat
Set ApplicationPath="C:\Program Files\SomeApp\testapp.exe"
cmd /min /C "set __COMPAT_LAYER=RUNASINVOKER && start "" %ApplicationPath%"

You can besides add a context menu that allows to run all apps without elevation. To do it, create the RunAsUser.REG file, copy the pursuit code into it, save and import it into the Windows register by double clicking on the reg file ( you will need administrator permissions to apply this change ) .

Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\*\shell\forcerunasinvoker]
@="Run as user without UAC privilege elevation"
[HKEY_CLASSES_ROOT\*\shell\forcerunasinvoker\command]
@="cmd /min /C \"set __COMPAT_LAYER=RUNASINVOKER && start \"\" \"%1\"\""

add run without uac elevation to file explorer on win10
After that, to run any application without the administrator privileges, precisely blue-ribbon “ Run as user without UAC privilege elevation ” in the context menu of File Explorer.

You can deploy this option to all computers in the world by importing the register parameters using GPO Run program as user without UAC privilege elevation
Let me remind you once again that using the program in the RUNASINVOKER mode won ’ thyroxine give up you to elevate the program. The RunAsInvoker suppresses UAC prompt and tells the program that it should run with the permissions of the current drug user, and not ask for elevation of privileges. If a program in truth needs elevated railway privileges to edit system settings or files, it won ’ deoxythymidine monophosphate oeuvre or will ask for admin permissions again .

How to Bypass UAC with RunAsInvoker in __COMPAT_LAYER?

The environment variable __COMPAT_LAYER allows you to set different compatibility levels for the applications ( the Compatibility pill in the properties of an EXE file ). Using this variable, you can specify the compatibility settings to be used when starting a course of study. For exercise, to start an app in Windows 8 compatibility mode and 640×480 resolution, set the follow :
set __COMPAT_LAYER=Win8RTM 640x480
run an ap in windows compatibility mode
The __COMPAT_LAYER variable has some options we are concerned in. There are the keep up parameters :

  • RunAsInvoker – run an app with the privileges of a parent process without the UAC prompt;
  • RunAsHighest – run a program with the highest-level permission available to the user (the UAC prompt will appear if a user has the administrator privileges);
  • RunAsAdmin – run an app as administrator (the UAC prompt appears each time).

It means that the RunAsInvoker parameter doesn ’ thymine provide the administrator permissions, but entirely suppresses the UAC immediate .
The comply CMD code enables the RunAsInvoker modality for the current process and runs the assign program without natural elevation :
set __COMPAT_LAYER=RUNASINVOKER
start "" "C:\Program Files\MyApp\testapp.exe"

Enable RunAsInvoker Mode in the EXE File Manifest

As we said above, Windows 10 displays a UAC shield icon for programs that require acme to run. Developers set this requirement when compiling the application in the broadcast manifest .
You can edit the manifest of any exe file and disable the necessity to run the platform in exalted mood .
To edit the broadcast manifest, you can use the rid Resource Hacker tool. Open the feasible file of the app in Resource Hacker .
Autologon.exe tool by Sysinternals, which can be used In this exercise, I will edit the manifest of thetool by Sysinternals, which can be used to mechanically log into Windows without a password In the tree on the left, go to the Manifest section and open the program manifest. Pay attention to the follow xml section :



It is thanks to the requireAdministrator choice that Windows always tries to run this program as an administrator .
Change requireAdministrator to asInvoker and the save changes in exe file .
edit manifest of the exe file add asInvoker option
note that now the UAC shield has disappeared from the course of study icon, and you can run it without asking for administrator password with the current exploiter permissions .
remove uac shield from app icon via manifest
If the feasible app file is signed with MS Authenticode ( Code Signing certificate ), then after modifying the exe file, it may stop working or issue a admonitory. In this case, you can force the course of study to use an external attest file. Create a plain textbook file appname.exe.manifest ( for case, Autologon.exe.manifest ) in the directory with the exe file and copy the manifest code from Resource Hacker into it. Change requireAdministrator to asInvoker. Save the manifest file .
To have Windows always try to use the external apparent file when launching exe files, enable a extra register parameter :
REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide" /v PreferExternalManifest /t REG_DWORD /d 1 /f

Restart Windows and make surely the program is using an external manifest file that says to run without administrator privileges .

source : https://swivelcard.info
Category : Tech FAQ

Related Posts

Leave a Reply

Your email address will not be published.