Home / server / Questions / 127471
Accepted
Josh
Asked: 2010-03-30 13:22:38 +0800 CST

Allowing non-admins to run programs as admins on Windows 7

  • 772

On *nix, admins can use the setuid flag to allow non-admins to run certain programs that would otherwise require admin privileges. Is there any way to do something similar in Windows 7?

This question has been asked here before for Windows XP, and the answers were generally unsatisfying. I'm wondering if Windows 7 provides a better way.

One idea I can think of would be to use Microsoft's Subsystem for UNIX Applications, but I'd rather not install that on every user's system if I can avoid it.

Another idea I can think of (which would work on XP too, but I haven't seen it mentioned anywhere) would be to create a RunAsAdmin application that runs as a service, that takes a whitelist of "safe" apps and can be asked (from a command line, batch file or script) to run any program on the list as LocalSystem or whatever account the service uses. Is this possible?

Are there any solutions that aren't as clunky as those? Or, has anyone implemented either of the above techniques successfully?

permissions windows-7

4 Answers

  1. Best Answer

    It may be fruitful to investigate why the program needs admin priveledges. If it comes down to things like file or registry permissions, then you may be able to get the program operating under non-admin credentials by adjusting permissions to grant the user access.

    • 7

  2. The question should not be "how do I grant admin privileges", the question should be how to I get the correct priviliges to the user to run the application. In windows, "admin privileges" refers to a collection of privileges that an admin gets by default. There are very few applications that require all of those privileges. You should audit the applications privilege use and adjust the user rights accordingly (preferably by creating a group and assigning the rights to that group). This concept is known as the Principle of Least Privilege

    • 4

  3. http://www.technize.com/how-to-always-run-programs-as-administrator-in-windows-7/

    1. Right click the program you wish to grant administrative privileges
    2. Go to Properties –> Compatibility Tab
    3. At the end of the compatibility tab, you will find the following check box: Run this program as an administrator
    4. Just check the check box and click OK and then again OK.
    5. This will grant administrative privileges to that program permanently.

    If you want to grant the program administrative privileges for all the users, then you can do so by going again to compatibility tab and clicking Change settings for all users.

    Check the check box which says Run this program as an administrator.

    Now the program will run in administrative mode for all the users of the system.

    • 1

  4. Look into RunAsGui. It allows you to store an encrypted credentials of an admin for a given program you want to allow your users to use. It's free.

    • 1