163

Is there any way that I can force a program that normally requires administrator privileges (via UAC) to run without them? (ie: no UAC prompt and no system-wide access.)

Added: Without modifying the executable itself.

In spite of James's answer, I have found a few ways that it can almost be done:

  1. By modifying the executable I can remove the trustInfo entry from the manifest (or the manifest entirely, so I can use an external one), allowing the program to start without UAC. Unfortunately this modifies the executable, so it exits shortly after due to an internal checksum test.
  2. By using Process Explorer I can launch it as a Limited User. However this seems to limit it significantly more than I would like (it runs like Protected Mode IE and so can access significantly less than what my standard un-elevated user can).
Andrew Russell
  • 1,895

11 Answers11

105
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\*\shell\forcerunasinvoker]
@="Run without privilege elevation"

[HKEY_CLASSES_ROOT\*\shell\forcerunasinvoker\command]
@="cmd /min /C \"set __COMPAT_LAYER=RUNASINVOKER && start \"\" \"%1\"\""

Save this text in <name_of_file>.reg and add it to the Windows Registry. (Double-clicking on it should do the trick.)

Afterwards, right-click the app you'd like to run without administrative privileges and select "Run without privilege elevation".

In some cases - small amount 0.1% of programs may ask twice about UAC prompt.

Vom
  • 1,082
83

Save to nonadmin.bat:

cmd /min /C "set __COMPAT_LAYER=RUNASINVOKER && start "" %1"

Now you can drag and drop programs to this to run them without admin.

This doesn't require admin privileges as changing that registry key does. Also you won't clutter the context menu.

Based on Vom's answer

Update: Should now work with programs that have spaces in name as well.

Hjulle
  • 1,062
44

I hope I'm not too late to the party, but I was looking for a similar question and without seeing an answer here I found out that Windows' builtin RunAscommand, when run as administrator, can do that with /trustlevel switch.

RUNAS /trustlevel:<TrustLevel> program

/showtrustlevels  displays the trust levels that can be used
                  as arguments to /trustlevel.
/trustlevel       <Level> should be one of levels enumerated
                  in /showtrustlevels.

This worked in my case. Ironically, starting a program explicitly without elevation requires an elevated command prompt. Go figure. :) I hope it helps you.

Mxx
  • 2,889
31

If you have a particular application that you want to always run without UAC, you can target it with the Registry (add the text to a REG file and import it into the Registry):

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\\example\\application.exe"="RunAsInvoker"

Unlike this answer, this solution requires no alternate click or change to user interaction.

Microsoft calls this process adding the RunAsInvoker "Compatibility Shim".

Community
  • 1
palswim
  • 3,601
8

If it's a setup (installation) exe file that is requiring administration privilege, there's a trick to run it without elevated access:

If the file's name contains words like setup or install windows forcefully runs it with elevated access even if it doesn't need elevated access:

enter image description here

If the .exe file has a manifest in it, these heuristics for elevation do not apply.

For example if the manifest indicates that the exe does not need elevation, even including any of these words in the file name won't make it run as elevated.

Another keyword is patch as stated by Mgamerz in the comments.

This is documented on the UAC (User Account Control) docs:

Installer detection detects setup files, which helps prevent installations from being run without the user's knowledge and consent.

Installer detection only applies to:

  • 32-bit executable files.

  • Applications without a requested execution level attribute.

  • Interactive processes running as a standard user with UAC enabled.

Before a 32-bit process is created, the following attributes are checked to determine whether it is an installer:

  • The file name includes keywords such as "install," "setup," or "update."

  • ...

Read mode here: https://docs.microsoft.com/en-us/windows/security/identity-protection/user-account-control/how-user-account-control-works

Shayan
  • 1,893
3

While in his question Andrew stated that the following did not quite work:

By modifying the executable I can remove the trustInfo entry from the manifest (or the manifest entirely, so I can use an external one), allowing the program to start without UAC. Unfortunately this modifies the executable, so it exits shortly after due to an internal checksum test.

I was able to modify an external .manifest file for the software I was using and change

<ms_asmv2:requestedExecutionLevel level="requireAdministrator" uiAccess="false" />

to

<ms_asmv2:requestedExecutionLevel level="asInvoker" uiAccess="false" />

Turns out the software I was using did not really require administrator rights so I was able to run it on a Standard User account without UAC or administrator passwords. Thanks!

Aurimas
  • 234
2

None of the above answers allowed me to run desired cmd.exe without admin privileges.

Only way it worked was with LogicDaemon's comment:

PsExec -l cmd.exe
Destroy666
  • 12,350
isidroco
  • 66
2

I solved this problem today using the MS application customization toolkit.

I followed the instructions in a tech republic article.

Basically:

1) you get the toolkit from MS here .

2) Click Fix

3) Choose the RunAsInvoker option

4) Right Click the fix and choose Install

0xC0000022L
  • 7,544
  • 10
  • 54
  • 94
user53639
  • 246
1

There is two ways. You can use RunAs with a standard user name:

RunAs /user:StandardUser C:\Temp\Foo.exe

But you'll need to enter the user's password.

Or you can use PsExec from SysInternal, where you can pass the password as an argument:

PsExec -u StandardUser -p secret C:\Temp\Foo.exe
Maxence
  • 171
-4

I fixed this problem by going changing the permissions on the folder that contained the program.

I added each user that will run that program and gave them "full control" priviledges. That took care of the problem and I left the "run as admin" unchecked.

I don't have any security concerns for the users who will be running the program.

slhck
  • 235,242
Tim D
  • 1
  • 1
-8

No, if a program requires UAC then it is trying to access something outside of its sandbox. The program will not correctly run without the elevated access.

If you just want to get rid of the notification, you can disable UAC.

Disable UAC on Windows Vista: Start, type "user". Click on "User Accounts". On the window that pops up, click on "User Account Control Settings" and then Turn off UAC.

Disable UAC on Windows 7: Start, type "user". Click on "User Account Control Settings". Drag the choice bar all the way to the bottom to "Never Notify."

James Watt
  • 1,823