0

I am trying to automate a few things with a few scripts. One of the users in my PC has no admin privileges (I have a "Work" user and a "Gaming" user and I don't want the latter to be admin by default).

However sometimes I need to grant adminprivileges (sometimes when a game lauches asks for elevated privileges, or when installing a new game). When I'm on the computer there's no problem because I can always type in my admiin password, but now I'm trying to automate a few things and the only solutions I find to launch processes with elevated privileges is to use runas.

However this doesn't work as I want to, because this makes the admin account launch the process, so any user-dependant behaviour (for instance, steam being logged into my account).

I need a way to launch a program as a non-admin user and grant it elevated privileges in a way that I can automate.

So far I have tried running a task at the task scheduler that runs the task as the non-admin user and I have the check box "Run with highest privileges" but it doesn't work f the user running the task is non-admin.

EDIT: Just to make it clear, I'm fine with a solution that requires me to input admin password when I run the program. However the outcome should be that the process is run as the regular user (for instance, opening cmd, typing echo %username% and getting the non-admin account name, instead of the admin account name)

rovda
  • 221
  • 2
  • 10
  • Hopefully there is not. Because that would somehow undermine the whole concept ... – derpirscher May 25 '21 at 08:13
  • I know what you mean by that, but using the task scheduler to run an elevated process already breaks the security your'e talking about. For instance: If you run "CCleaner" (free version) (I know, CCleaner is not actually something that useful, I'm using it as an example) it demands elevated privileges, and it "cleans" user cache and temp files. But since my user ais no admin, CCleaner can only "clean" the admin account, but the non-admin account can't be cleaned because it can't run CCleaner on it's own. – rovda May 25 '21 at 08:17
  • A process run elevated, runs as the invoking user, but with a 'special' token, not as another administrative user. – Compo May 25 '21 at 13:13
  • @Compo could you please elaborate on that? I did not fully understod what you meant – rovda May 27 '21 at 17:29
  • 1
    Running elevated is like when your boss pops out to lunch and asks you to hold onto the key for the filing cabinet whilst they're gone. They've lent you the key, _(token)_, thus giving you permission to access the cabinet, _(extra privileges)_, but you are not the boss or a member of the management team, you're still you and a member of the oppressed team. You have just been elevated with a temporary special token granting you access to things only they normally have access to. _(If you read your own personnel file from that cabinet, it's still you reading it, not your boss)_. – Compo May 27 '21 at 18:03
  • That's exactly what I want. for instance I will give you my example. My PC has 2 accounts: "Work" (admin) and "Games". When I log into Games and open 'cmd' and execute 'echo %username% it outputs "Games". However if I run cmd as an administrator and do the same, it outputs "Work". Doesn't that mean that the whole process is being run as "the boss" even if the user interface is in the "opressed team" screen? I am not still me, I am %username% and %username% resolves to "Work". (Oh, and thank you or taking the time to explain this, I'm trying to wrap my brain around it) – rovda May 28 '21 at 20:38

0 Answers0