Saturday, 22 June 2019

Windows 7 schedule a process start with admin privileges for a standard user


On my personal Win7 machine, my user account is a standard account, and there is also an Administrator account which I obviously control. One app that I have start up with Windows needs admin privileges to work correctly. It's AIDA64 sidebar, in case anyone is curious.


I've searched this site, the web, and the AIDA64 support forums for ideas on how to make it work, with no good results. I've scheduled tasks for it to start up under the admin account, but in that case it never even shows as running for the standard user (although if the standard user launches it manually "as admin" then it works fine). Alternately I can schedule it for the standard user with "highest privileges" which I've seen recommended dozens of times, but that does not work, since it uses only the user's highest accessible privileges, and not the admin's, even if the admin is the one scheduling the task!


The closest thing to a real solution I've seen is to use runas /savedcred in the scheduled task, but that is a huge security hole that nobody recommends. If that is the only way to do it, I'd rather just make my user account an admin and be done with it.


I know there are a lot of security options that I'm unaware of or have never used. I'm hoping there is some way to accomplish this that I haven't considered yet.



Answer



There are several ways to run the app:

  1. Open CMD as Administrator, move to the directory where the app is stored, and try to launch the app via the cmd shell.

  2. Again open a cmd shell as Administrator and use PsExec to launch the app using a different admin account, and look in Process Explorer to see if the app is launched in a different session (I am assuming you will create another admin user on your machine).

  3. Try to launch the app with an elevated token using the PsExec -h option from the admin cmd shell. If it works, then the app will also launch from the default Administrator account of your machine, if it is enabled in compmgmt.msc.

  4. Using the same elevated cmd shell, try to launch the app in session 0 using PsExec -s -i 0 app, and look through Process Explorer to see if it is actually launched.

  5. You can also try to launch the app in your current session under the system account and see if it works.

  6. You can also use PsExec to launch the app under user privileges from your admin shell using the psexec -u user -p password option and see if it is launched.

Also try the At option of Task Scheduler to launch your app. Finally, you can use Process Explorer > Options > Select Columns > view command line to see exactly which command the app uses to launch when it is launched under administrator, as you said; then you can use the same command to launch the app. With this you can also debug why the app is not launching using Task Scheduler, learning from Process Explorer.
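For debugging the Task Scheduler side, the principal settings in a task's exported XML show why the two setups described in the question behave as they do. The following is an added example, not part of the original question or answer; the sample XML, the account names and the function name Get-TaskPrincipalReport are constructed for illustration.

```powershell
# Constructed stand-in for the output of: schtasks /query /tn "<task name>" /xml
# Machine and account names below are hypothetical.
$template = @'
<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Principals><Principal id="Author">
    <UserId>{0}</UserId><LogonType>{1}</LogonType><RunLevel>{2}</RunLevel>
  </Principal></Principals>
</Task>
'@

function Get-TaskPrincipalReport {
    param([string]$XmlText, [string]$DesktopUser)
    $doc = New-Object System.Xml.XmlDocument
    $doc.LoadXml($XmlText)
    $ns = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
    $ns.AddNamespace('t', 'http://schemas.microsoft.com/windows/2004/02/mit/task')
    $p = $doc.SelectSingleNode('/t:Task/t:Principals/t:Principal', $ns)
    if ($null -eq $p) { throw 'No <Principal> element found in task XML.' }

    # Read a child element of <Principal>, with a default when it is absent.
    $get = { param($name, $default)
             $n = $p.SelectSingleNode("t:$name", $ns)
             if ($null -ne $n) { $n.InnerText } else { $default } }
    $user  = & $get 'UserId'    '(not set)'
    $logon = & $get 'LogonType' '(not set)'
    $level = & $get 'RunLevel'  'LeastPrivilege'   # schema default when omitted

    $notes = @()
    if ($logon -eq 'Password' -or $logon -eq 'S4U') {
        # "Run whether user is logged on or not": no UI on anyone's desktop.
        $notes += 'Runs non-interactively in session 0; no window appears on any desktop.'
    } elseif ($logon -eq 'InteractiveToken' -and $user -ne $DesktopUser) {
        $notes += ('Starts only inside the logon session of {0}, not that of {1}.' -f $user, $DesktopUser)
    }
    if ($level -eq 'HighestAvailable' -and $user -eq $DesktopUser) {
        $notes += 'HighestAvailable means the best token this account has; a standard account has no elevated one.'
    }
    New-Object PSObject -Property @{
        UserId = $user; LogonType = $logon; RunLevel = $level; Notes = ($notes -join ' ') }
}

# Case 1: task created to run under the admin account with a stored password.
Get-TaskPrincipalReport ($template -f 'PC\Administrator', 'Password', 'HighestAvailable') 'PC\user' |
    Format-List UserId, LogonType, RunLevel, Notes
# Case 2: task created for the standard user with "highest privileges" ticked.
Get-TaskPrincipalReport ($template -f 'PC\user', 'InteractiveToken', 'HighestAvailable') 'PC\user' |
    Format-List UserId, LogonType, RunLevel, Notes
```

On a live machine, replace the template with `(schtasks /query /tn "<task name>" /xml) -join "`n"` to inspect a real task.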

