You can run apps elevated (as administrator) without getting the UAC elevation prompt when logged in to an administrator account.
For instance, we can manually grant permissions for our users on the app folder in the ProgramFiles and/or registry keys used by the program.
Here at Ibmi Media, as part of our Server Management Services, we regularly help our Customers to resolve Windows related queries.
In this context, we shall look into how to run the program without admin privileges.
In order to modify some files in its own folder in the C:\Program Files (x86)\SomeApp, an app may need administrator privileges. By default, users don’t have write and modify permissions on this directory.
For this program to work normally, administrator permissions are necessary.
So, to resolve this problem, we have to manually grant the modify and/or write permission for a user on the app folder at the NTFS file system level.
Here, we can use RunAs with the saved administrator password using the /SAVECRED option. However, it is insecure because users can use these saved administrator credentials to run any program on this computer.
Let's consider an easier way to force any program to run without administrator privileges and with UAC enabled.
Here, let's take the Registry Editor as an example — regedit.exe (located in C:\Windows\ folder).
If we run regedit.exe, we will see a User Account Control window asking for the administrator credentials. If we do not provide a password and do not confirm elevation, the app will not start.
Let us try to bypass the UAC request for this program.
We create the text file run-as-non-admin.bat containing the following code on the Desktop:
cmd /min /C “set __COMPAT_LAYER=RUNASINVOKER && start “” %1″
We can force the regedit.exe to run without the administrator privileges and suppress the UAC prompt. For that, we simply drag the EXE file we want to start to this BAT file on the desktop.
Then the Registry Editor should start without a UAC prompt and without entering an administrator password. If we open the Task Manager and add the Elevated column, we will see that there is the regedit.exe process without the elevated status.
We try to edit any parameter in the HKEY_LOCAL_MACHINE registry hive.
Here, a user cannot edit the item in this registry key as they don't have write permissions to the system registry keys. But we can add or edit registry keys and parameters in our user hive — HKEY_CURRENT_USER.
regedit run as a standard user without admin rights
In the same way, we can run any app using the BAT file. Just specify the path to the executable file:
Set ApplicationPath=”C:\Program Files\SomeApp\testapp.exe”
cmd /min /C “set __COMPAT_LAYER=RUNASINVOKER && start “” %ApplicationPath%”
We can also add a context menu that allows running all apps without elevation.
To do it, we create the RunAsUser.REG file and copy the following code into it.
Then we save and import it into the Windows registry by double-clicking on the reg file:
Windows Registry Editor Version 5.00
@=”Run as user without UAC privilege elevation”
@=”cmd /min /C \”set __COMPAT_LAYER=RUNASINVOKER && start \”\” \”%1\”\””
After that, to run any application without the administrator privileges, just select “Run as a user without UAC privilege elevation” in the context menu of File Explorer.
This article covers how to run a program without admin privileges. The trick to bypass UAC is to create a scheduled task (with highest privileges) for each program that you want to run, and then invoke the scheduled task item manually using schtasks.exe .
UAC helps keep your computer secure. If you reflexively disable UAC when setting up a computer, you should give it another try – UAC and the Windows software ecosystem have come a long way from when UAC was introduced with Windows Vista.
To Eliminate UAC Prompts for Specific Applications:
1. In Task Scheduler, right-click "Task Scheduler Library" and select "New Folder" Name it whatever you would like.
2. Select the new folder and click "Create Task" (not "Create Basic Task")
3. Name the task something descriptive. ...
4. Under the Actions tab, select "Start a program" in the Action dropdown if it isn't already.
To bypass UAC administrator password:
1. Right-click Start button at left lower corner of PC, select Control Panel.
2. Click User Accounts and family Safety.
3. Click User Accounts.
4. Click Change your account type.
5. Enter Admin password and click Yes to continue.
6. Select Administrator as your new account type, and click Change Account Type.