Bobcares

How to Run Program without Admin Privileges and Bypass UAC Prompt

by | Mar 31, 2021

It is possible to run the program without admin privileges for normal operations. For instance, we can manually grant permissions for our users on the app folder in the ProgramFiles and/or registry keys used by the program.

Today we’ll see how to run the program without admin privileges.

Here at Bobcares, we have seen several such Windows-related queries as part of our Server Management Services for web hosts and online service providers.

 

Why some Windows apps don’t run under standard users and require administrator permissions

In order to modify some files in its own folder in the C:\Program Files (x86)\SomeApp, an app may need administrator privileges. By default, users don’t have write and modify permissions on this directory.

For this program to work normally, administrator permissions are necessary. So, to resolve this problem, we have to manually grant the modify and/or write permission for a user on the app folder at the NTFS file system level.

 

How to run a program that requires admin privileges under the standard users

Here, we can use RunAs with the saved administrator password using the /SAVECRED option. However, it is insecure because users can use these saved administrator credentials to run any program on this computer.

Here, let’s take the Registry Editor as an example — regedit.exe (located in C:\Windows\ folder).

If we run regedit.exe, we will see a User Account Control window asking for the administrator credentials. If we do not provide a password and do not confirm elevation, the app won’t start.

Let’s try to bypass the UAC request for this program. We create the text file run-as-non-admin.bat containing the following code:

cmd /min /C “set __COMPAT_LAYER=RUNASINVOKER && start “” %1″

We can force the regedit.exe to run without the administrator privileges and suppress the UAC prompt. For that, we simply drag the EXE file we want to start to this BAT file on the desktop.

Then the Registry Editor should start without a UAC prompt and without entering an administrator password. If we open the Task Manager and add the Elevated column, we will see that there is the regedit.exe process without the elevated status.

We try to edit any parameter in the HKEY_LOCAL_MACHINE registry hive. Here, a user cannot edit the item in this registry key as they don’t have write permissions to the system registry keys. But we can add or edit registry keys and parameters in our user hive — HKEY_CURRENT_USER.

regedit run as a standard user without admin rights

In the same way, we can run any app using the BAT file. Just specify the path to the executable file.

run-app-as-non-admin.bat

Set ApplicationPath=”C:\Program Files\SomeApp\testapp.exe”
cmd /min /C “set __COMPAT_LAYER=RUNASINVOKER && start “” %ApplicationPath%”

We can also add a context menu that allows running all apps without elevation. To do it, we create the RunAsUser.REG file and copy the following code into it. Then we save and import it into the Windows registry by double-clicking on the reg file.

Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\*\shell\forcerunasinvoker]
@=”Run as user without UAC privilege elevation”
[HKEY_CLASSES_ROOT\*\shell\forcerunasinvoker\command]
@=”cmd /min /C \”set __COMPAT_LAYER=RUNASINVOKER && start \”\” \”%1\”\””

After that, to run any application without the administrator privileges, just select “Run as a user without UAC privilege elevation” in the context menu of File Explorer.

 

How to Bypass UAC with RunAsInvoker in __COMPAT_LAYER?

The environment variable __COMPAT_LAYER allows us to set different compatibility levels for the applications. We can use this variable to specify the compatibility settings to be used when starting a program. For example, to start an app in Windows 8 compatibility mode and 640×480 resolution, we set the following:

set __COMPAT_LAYER=Win8RTM 640x480

The RunAsInvoker parameter doesn’t provide the administrator permissions, but only suppresses the UAC prompt.

The below CMD code enables the RunAsInvoker mode for the current process and runs the specified program without elevation:

set __COMPAT_LAYER=RUNASINVOKER
start "" "C:\Program Files\MyApp\testapp.exe"

 

Enable RunAsInvoker Mode in the EXE File Manifest

Windows 10 displays a UAC shield icon for programs that require elevation to run. So developers set this requirement when compiling the application in the program manifest.

We can edit the manifest of any exe file and disable the requirement to run the program in elevated mode.

In order to edit the program manifest, we can use the free Resource Hacker tool. Open the executable file of the app in Resource Hacker.

In the tree on the left, we go to the Manifest section and open the program manifest. We find the below XML section:

<requestedPrivileges>
<requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>
</requestedPrivileges>

Here, we change requireAdministrator to asInvoker and the save changes in exe file.

In this case, we can force the program to use an external manifest file. We create a plain text file appname.exe.manifest in the directory with the exe file. And copy the manifest code from Resource Hacker into it. We then change requireAdministrator to asInvoker. Then we save the manifest file.

To have Windows always try to use the external manifest file when launching exe files, we enable a special registry parameter:

REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide" /v PreferExternalManifest /t REG_DWORD /d 1 /f

Finally, we restart Windows and make sure the program is using an external manifest file that says to run without administrator privileges.

[Need any further assistance in running a program without admin privileges? – We are here to help you]

 

Conclusion

Today, we saw how our Support Engineers run a program without admin privileges

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

GET STARTED

var google_conversion_label = "owonCMyG5nEQ0aD71QM";

4 Comments

  1. Helen

    Complicated.
    What do you think about Runas and the parameter savecred to run an application with administrator rights?
    Or the tool Runasrob that can bypass the UAC and grant specific applications to run it with elevated privileges from a standard user account.

    Reply
  2. Joe besift

    Mine says there is an error accessing the registry, what do I do?

    Reply
  3. iHasSchool

    Nothing works. Tried everything, seems like everything is blocked.

    Reply
    • Syam S

      Ok, please contact our support team.

      Reply

Submit a Comment

Your email address will not be published. Required fields are marked *

Never again lose customers to poor
server speed! Let us help you.