You can run apps elevated (as administrator) without getting the UAC elevation prompt when logged in to an administrator account.
For instance, we can manually grant permissions for our users on the app folder in the ProgramFiles and/or registry keys used by the program.
In this context, we shall look into how to run the program without admin privileges.
Why some Windows apps don't run under standard users and require administrator permissions ?
In order to modify some files in its own folder in the C:\Program Files (x86)\SomeApp, an app may need administrator privileges. By default, users don’t have write and modify permissions on this directory.
For this program to work normally, administrator permissions are necessary.
So, to resolve this problem, we have to manually grant the modify and/or write permission for a user on the app folder at the NTFS file system level.
How to run a program that requires admin privileges under the standard users ?
Here, we can use RunAs with the saved administrator password using the /SAVECRED option. However, it is insecure because users can use these saved administrator credentials to run any program on this computer.
Let's consider an easier way to force any program to run without administrator privileges and with UAC enabled.
Here, let's take the Registry Editor as an example — regedit.exe (located in C:\Windows\ folder).
If we run regedit.exe, we will see a User Account Control window asking for the administrator credentials. If we do not provide a password and do not confirm elevation, the app will not start.
Let us try to bypass the UAC request for this program.
We create the text file run-as-non-admin.bat containing the following code on the Desktop:
cmd /min /C “set __COMPAT_LAYER=RUNASINVOKER && start “” %1″
We can force the regedit.exe to run without the administrator privileges and suppress the UAC prompt. For that, we simply drag the EXE file we want to start to this BAT file on the desktop.
Then the Registry Editor should start without a UAC prompt and without entering an administrator password. If we open the Task Manager and add the Elevated column, we will see that there is the regedit.exe process without the elevated status.
We try to edit any parameter in the HKEY_LOCAL_MACHINE registry hive.
Here, a user cannot edit the item in this registry key as they don't have write permissions to the system registry keys. But we can add or edit registry keys and parameters in our user hive — HKEY_CURRENT_USER.
regedit run as a standard user without admin rights
In the same way, we can run any app using the BAT file. Just specify the path to the executable file:
Set ApplicationPath=”C:\Program Files\SomeApp\testapp.exe”
cmd /min /C “set __COMPAT_LAYER=RUNASINVOKER && start “” %ApplicationPath%”
We can also add a context menu that allows running all apps without elevation.
To do it, we create the RunAsUser.REG file and copy the following code into it.
Then we save and import it into the Windows registry by double-clicking on the reg file:
Windows Registry Editor Version 5.00
@=”Run as user without UAC privilege elevation”
@=”cmd /min /C \”set __COMPAT_LAYER=RUNASINVOKER && start \”\” \”%1\”\””
After that, to run any application without the administrator privileges, just select “Run as a user without UAC privilege elevation” in the context menu of File Explorer.