How to start an application elevated on account without admin privileges on Windows 10

Question

I need to start an application elevated on a user account without admin privileges. I am using Windows 10. The station will have two user accounts: admin and operator. All applications will be installed using the admin account (off course with admin rights). After that the user will be using the operator account.

I need the applications to run with elevated rights but without the UAC prompt.

I tried the following approaches:

• Using a windows service to run the apps. This poses a problem as the apps have a GUI and I cannot find a workaround for session 0 isolation.
• Using Task Scheduler to run the application. This also failed as the apps were started without GUI.
• Using runas. Also failed as I was faced with dealing with password and UAC prompt and some 'access denied' problems.

I am aware that some of the above methods may be regarded as bad practices. I am aware of potential risks. Also, my applications run on a dedicated machine in kiosk mode where the end user cannot interact with the OS.

Any help or hints (also regarding my failed approached) welcome!

Answer 1

It took a lot of reading, research and trial and error. However, I managed to stumble upon this repo which solves everything:

https://github.com/perspectivism/subverting-vista-uac

The code inside demonstrates how to start any application from a windows service and display the GUI in a given user's session.

Answer 2

I have developed similar apps a long time ago and I use the Task Scheduler trick to launch my app after logon with administrator privileges. I used C# (.NET 4.0) WinForms for the app and it launched without a problem (the GUI launched normally after logon).

To create the task:

Schtasks /Create /TN [admin username] /RU SYSTEM /SC ONLOGON /TR [path to the app]

Also make sure you have a proper app.manifest with the correct supportedOs and requestedPrivilege.

If you have tried the Task Scheduler method but you can't see your app GUI, check the Task Manager whether your app is really running without GUI or not. You can also use Sysinternals Spy++ to bring your app window to foreground.

Completely different approach would be separate your app into two parts. One as a Windows Service to interact with the target system and a GUI app that calls your Windows Service (maybe through named pipe or socket) to perform certain actions that requires admin privileges.

References:

• https://learn.microsoft.com/en-us/windows/win32/sysinfo/targeting-your-application-at-windows-8-1
• Start on logon with admin rights
• https://learn.microsoft.com/en-us/visualstudio/debugger/spy-increment-help?view=vs-2022