It is possible to run the program without admin privileges for normal operations. For instance, we can manually grant permissions for our users on the app folder in the ProgramFiles and/or registry keys used by the program.
Today we’ll see how to run the program without admin privileges.
Here at Bobcares, we have seen several such Windows-related queries as part of our Server Management Services for web hosts and online service providers.
Why some Windows apps don’t run under standard users and require administrator permissions
In order to modify some files in its own folder in the C:\Program Files (x86)\SomeApp, an app may need administrator privileges. By default, users don’t have write and modify permissions on this directory.
For this program to work normally, administrator permissions are necessary. So, to resolve this problem, we have to manually grant the modify and/or write permission for a user on the app folder at the NTFS file system level.
How to run a program that requires admin privileges under the standard users
Here, we can use RunAs with the saved administrator password using the /SAVECRED option. However, it is insecure because users can use these saved administrator credentials to run any program on this computer.
Here, let’s take the Registry Editor as an example — regedit.exe (located in C:\Windows\ folder).
If we run regedit.exe, we will see a User Account Control window asking for the administrator credentials. If we do not provide a password and do not confirm elevation, the app won’t start.
Let’s try to bypass the UAC request for this program. We create the text file run-as-non-admin.bat containing the following code:
cmd /min /C “set __COMPAT_LAYER=RUNASINVOKER && start “” %1″
We can force the regedit.exe to run without the administrator privileges and suppress the UAC prompt. For that, we simply drag the EXE file we want to start to this BAT file on the desktop.
Then the Registry Editor should start without a UAC prompt and without entering an administrator password. If we open the Task Manager and add the Elevated column, we will see that there is the regedit.exe process without the elevated status.
We try to edit any parameter in the HKEY_LOCAL_MACHINE registry hive. Here, a user cannot edit the item in this registry key as they don’t have write permissions to the system registry keys. But we can add or edit registry keys and parameters in our user hive — HKEY_CURRENT_USER.
regedit
run as a standard user without admin rights
In the same way, we can run any app using the BAT file. Just specify the path to the executable file.
run-app-as-non-admin.bat
Set ApplicationPath=”C:\Program Files\SomeApp\testapp.exe”
cmd /min /C “set __COMPAT_LAYER=RUNASINVOKER && start “” %ApplicationPath%”
We can also add a context menu that allows running all apps without elevation. To do it, we create the RunAsUser.REG file and copy the following code into it. Then we save and import it into the Windows registry by double-clicking on the reg file.
Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\*\shell\forcerunasinvoker] @=”Run as user without UAC privilege elevation” [HKEY_CLASSES_ROOT\*\shell\forcerunasinvoker\command] @=”cmd /min /C \”set __COMPAT_LAYER=RUNASINVOKER && start \”\” \”%1\”\””
After that, to run any application without the administrator privileges, just select “Run as a user without UAC privilege elevation” in the context menu of File Explorer.
How to Bypass UAC with RunAsInvoker in __COMPAT_LAYER?
The environment variable __COMPAT_LAYER allows us to set different compatibility levels for the applications. We can use this variable to specify the compatibility settings to be used when starting a program. For example, to start an app in Windows 8 compatibility mode and 640×480 resolution, we set the following:
set __COMPAT_LAYER=Win8RTM 640x480
The RunAsInvoker parameter doesn’t provide the administrator permissions, but only suppresses the UAC prompt.
The below CMD code enables the RunAsInvoker mode for the current process and runs the specified program without elevation:
set __COMPAT_LAYER=RUNASINVOKER start "" "C:\Program Files\MyApp\testapp.exe"
Enable RunAsInvoker Mode in the EXE File Manifest
Windows 10 displays a UAC shield icon for programs that require elevation to run. So developers set this requirement when compiling the application in the program manifest.
We can edit the manifest of any exe file and disable the requirement to run the program in elevated mode.
In order to edit the program manifest, we can use the free Resource Hacker tool. Open the executable file of the app in Resource Hacker.
In the tree on the left, we go to the Manifest section and open the program manifest. We find the below XML section:
<requestedPrivileges> <requestedExecutionLevel level="requireAdministrator" uiAccess="false"/> </requestedPrivileges>
Here, we change requireAdministrator to asInvoker and the save changes in exe file.
In this case, we can force the program to use an external manifest file. We create a plain text file appname.exe.manifest in the directory with the exe file. And copy the manifest code from Resource Hacker into it. We then change requireAdministrator to asInvoker. Then we save the manifest file.
To have Windows always try to use the external manifest file when launching exe files, we enable a special registry parameter:
REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide" /v PreferExternalManifest /t REG_DWORD /d 1 /f
Finally, we restart Windows and make sure the program is using an external manifest file that says to run without administrator privileges.
[Need any further assistance in running a program without admin privileges? – We are here to help you]
Conclusion
Today, we saw how our Support Engineers run a program without admin privileges
Complicated.
What do you think about Runas and the parameter savecred to run an application with administrator rights?
Or the tool Runasrob that can bypass the UAC and grant specific applications to run it with elevated privileges from a standard user account.
Mine says there is an error accessing the registry, what do I do?
Nothing works. Tried everything, seems like everything is blocked.
Ok, please contact our support team.