0

I'm using Windows 10 / DC Server 2012 R2 and I have some power users that needs to execute a manage-bde command that requires Local Administrator privilege.

Is there away that I can allow them to execute that one command without giving them the credentials for the administrator account?

Edit: my objective is to allow some users to encrypt usb sticks with manage-bde for some weirs use cases. Following Narzad advice , giving the wmi "method execute" is sufficient to make the command works.

Is it possible to push the change using GPO since changing it manually on every computer is not an option ?

admin9988
  • 1

1 Answers1

0

I take it that you wish to enable users to run one specific application as administrator without entering the password.

Run As GUI

The Technet program Run As GUI might be one solution (if it still works on Windows 10). It keeps the entered data safe in encrypted format. Pushing it to all users might require finding where it keeps that encrypted file, and distributing it together with the program.

image

Task Scheduler

Another solution might be to use the Task Scheduler to schedule running this application as administrator, but with a trigger that is never activated, and allow users to run it manually with the command :

schtasks /run /tn "task-name"

For more information see the article Windows 7: Elevated Program Shortcut without UAC Prompt - Create.

harrymc
  • 498,455