Bobcares

How to Run Program without Admin Privileges and Bypass UAC Prompt

Mar 31, 2021

It is possible to run a program without admin privileges for normal operations. For instance, we can manually grant our users permissions on the app folder under Program Files and/or on the registry keys used by the program.

Today we’ll see how to run the program without admin privileges.

Here at Bobcares, we have seen several such Windows-related queries as part of our Server Management Services for web hosts and online service providers.

 

Why some Windows apps don’t run under standard users and require administrator permissions

An app may need administrator privileges in order to modify files in its own folder, for example C:\Program Files (x86)\SomeApp. By default, users don’t have write and modify permissions on this directory.

As a result, the program works normally only with administrator permissions. To resolve this problem, we have to manually grant the modify and/or write permission to the user on the app folder at the NTFS file system level.
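
One way to grant that permission from an elevated PowerShell session, as an added example that is not part of the original article. The function name Grant-AppFolderModify and the account in the usage comment are hypothetical; Modify on a folder that holds executables lets that account replace them, so point -Path at the narrowest subfolder the app actually writes to where that is known.

```powershell
# Added example (not from the article). Run from an elevated PowerShell session.
function Grant-AppFolderModify {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Path,      # folder the app needs to write to
        [Parameter(Mandatory)][string]$Account    # e.g. 'PC01\alice' (placeholder)
    )
    $ErrorActionPreference = 'Stop'

    # Resolve the account to a SID first, so a typo fails before the ACL is touched.
    $sid = ([System.Security.Principal.NTAccount]$Account).Translate(
        [System.Security.Principal.SecurityIdentifier])

    # Modify (read, write, delete; no permission changes), inherited by subfolders and files.
    $rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
        $sid,
        [System.Security.AccessControl.FileSystemRights]::Modify,
        [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AccessControlType]::Allow)

    $acl = Get-Acl -LiteralPath $Path
    $acl.AddAccessRule($rule)
    if ($PSCmdlet.ShouldProcess($Path, "Grant Modify to $Account")) {
        Set-Acl -LiteralPath $Path -AclObject $acl
    }

    # Return the explicit (non-inherited) entries now present for that account.
    (Get-Acl -LiteralPath $Path).GetAccessRules($true, $false,
        [System.Security.Principal.SecurityIdentifier]) |
        Where-Object { $_.IdentityReference -eq $sid }
}

# Usage (placeholder values); add -WhatIf to preview without changing the ACL:
# Grant-AppFolderModify -Path 'C:\Program Files (x86)\SomeApp' -Account 'PC01\alice'
```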

 

How to run a program that requires admin privileges under the standard users

One option is RunAs with a saved administrator password, using the /SAVECRED option. However, it is insecure because users can use these saved administrator credentials to run any program on this computer.

Here, let’s take the Registry Editor as an example — regedit.exe (located in C:\Windows\ folder).

If we run regedit.exe, we will see a User Account Control window asking for the administrator credentials. If we do not provide a password and do not confirm elevation, the app won’t start.

Let’s try to bypass the UAC request for this program. We create the text file run-as-non-admin.bat containing the following code:

cmd /min /C "set __COMPAT_LAYER=RUNASINVOKER && start "" %1"

With this file, we can force regedit.exe to run without administrator privileges and suppress the UAC prompt. To do that, we simply drag the EXE file we want to start onto this BAT file on the desktop.

The Registry Editor should then start without a UAC prompt and without asking for an administrator password. If we open the Task Manager and add the Elevated column, we will see that the regedit.exe process is running without elevated status.

If we try to edit any parameter in the HKEY_LOCAL_MACHINE registry hive, the edit fails, because the user doesn’t have write permissions on the system registry keys. But we can add or edit registry keys and parameters in our own user hive, HKEY_CURRENT_USER.

In the same way, we can run any app using the BAT file. Just specify the path to the executable file.

run-app-as-non-admin.bat

Set ApplicationPath="C:\Program Files\SomeApp\testapp.exe"
cmd /min /C "set __COMPAT_LAYER=RUNASINVOKER && start "" %ApplicationPath%"

We can also add a context menu that allows running all apps without elevation. To do it, we create the RunAsUser.REG file and copy the following code into it. Then we save and import it into the Windows registry by double-clicking on the reg file.

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\*\shell\forcerunasinvoker]
@="Run as user without UAC privilege elevation"

[HKEY_CLASSES_ROOT\*\shell\forcerunasinvoker\command]
@="cmd /min /C \"set __COMPAT_LAYER=RUNASINVOKER && start \"\" \"%1\"\""

After that, to run any application without administrator privileges, just select “Run as user without UAC privilege elevation” in the context menu of File Explorer.

 

How to Bypass UAC with RunAsInvoker in __COMPAT_LAYER?

The environment variable __COMPAT_LAYER allows us to set different compatibility levels for the applications. We can use this variable to specify the compatibility settings to be used when starting a program. For example, to start an app in Windows 8 compatibility mode and 640×480 resolution, we set the following:

set __COMPAT_LAYER=Win8RTM 640x480

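The RunAsInvoker parameter doesn’t provide administrator permissions; it only suppresses the UAC prompt. The program runs with the rights of the user who started it, so any operation that needs administrator rights still fails.

The following CMD code enables the RunAsInvoker mode for the current process and runs the specified program without elevation: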

set __COMPAT_LAYER=RUNASINVOKER
start "" "C:\Program Files\MyApp\testapp.exe"

 

Enable RunAsInvoker Mode in the EXE File Manifest

Windows 10 displays a UAC shield icon for programs that require elevation to run. Developers set this requirement in the program manifest when compiling the application.

We can edit the manifest of any exe file and disable the requirement to run the program in elevated mode.

In order to edit the program manifest, we can use the free Resource Hacker tool. Open the executable file of the app in Resource Hacker.

In the tree on the left, we go to the Manifest section and open the program manifest. We find the below XML section:

<requestedPrivileges>
<requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>
</requestedPrivileges>

Here, we change requireAdministrator to asInvoker and then save the changes in the exe file.

Alternatively, we can force the program to use an external manifest file. We create a plain text file appname.exe.manifest in the directory with the exe file and copy the manifest code from Resource Hacker into it. We then change requireAdministrator to asInvoker and save the manifest file.

To have Windows always try to use the external manifest file when launching exe files, we enable a special registry parameter:

REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide" /v PreferExternalManifest /t REG_DWORD /d 1 /f

Finally, we restart Windows and make sure the program is using an external manifest file that says to run without administrator privileges.
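
To check what this procedure has left on a machine, the following added example (not from the original article) lists the external .exe.manifest files under a folder, the execution level each one requests, and whether PreferExternalManifest is enabled. The function names and the default root folder are assumptions made for the example.

```powershell
# Added example (not from the article): inventory of external manifests
# and of the SideBySide setting that makes Windows prefer them.
function Get-ManifestExecutionLevel {
    param([Parameter(Mandatory)][string]$ManifestPath)
    try {
        $xml = [xml](Get-Content -LiteralPath $ManifestPath -Raw -ErrorAction Stop)
    } catch {
        return 'unreadable'
    }
    # The XML namespace on the trustInfo block varies between manifests,
    # so match the element by local name instead of binding a namespace.
    $node = $xml.SelectSingleNode("//*[local-name()='requestedExecutionLevel']")
    if ($node) { $node.GetAttribute('level') } else { 'not declared' }
}

function Get-ExternalManifestReport {
    param([string]$Root = $env:ProgramFiles)   # default root is an assumption

    $key   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide'
    $value = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).PreferExternalManifest
    $preferExternal = ($value -eq 1)

    Get-ChildItem -LiteralPath $Root -Recurse -File -Filter '*.exe.manifest' -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Manifest       = $_.FullName
                # appname.exe.manifest only matters if appname.exe sits beside it
                ExePresent     = Test-Path -LiteralPath ($_.FullName -replace '\.manifest$', '')
                Level          = Get-ManifestExecutionLevel -ManifestPath $_.FullName
                PreferExternal = $preferExternal
                LastWriteTime  = $_.LastWriteTime
            }
        }
}

# Newest manifests first; an asInvoker entry beside an executable that used to
# prompt for elevation is the result of the procedure described above.
Get-ExternalManifestReport | Sort-Object LastWriteTime -Descending | Format-Table -AutoSize
```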

Conclusion

Today, we saw how our Support Engineers run a program without admin privileges.

4 Comments

  1. Helen

    Complicated.
    What do you think about Runas and the parameter savecred to run an application with administrator rights?
    Or the tool Runasrob that can bypass the UAC and grant specific applications to run it with elevated privileges from a standard user account.

  2. Joe besift

    Mine says there is an error accessing the registry, what do I do?

  3. iHasSchool

    Nothing works. Tried everything, seems like everything is blocked.

    • Syam S

      Ok, please contact our support team.
