15

When you right-click a program and hold down the shift key, an extra option is displayed "Run As Different User"

Conversely, my boss says that if you click "Run as Administrator" you have more power than if you login as a domain account. So what's the difference between these two options?

A E
  • 148
  • 6
leeand00
  • 4,807
  • 13
  • 64
  • 106

1 Answers1

33

This is really a matter of learning what the security tokens are on Windows these days, but I'll copy/paste an answer from SO found here: https://stackoverflow.com/questions/8986971/what-precisely-does-run-as-administrator-do since it isn't possible to close as dupe cross-site.

When you log on Windows creates an access token. This identifies you, the groups you are a member of and your privileges. And note that whether a user is an administrator or not is determined by whether the user is a member of the Administrators group.

Without UAC, when you run a program it gets a copy of the access token, and this controls what the program can access.

With UAC, when you run a program it gets a restricted access token. The is the original access token with "Administrators" removed from the list of groups (and some other changes). Even though your user is a member of the Administrators group, the program can't use Administrator privileges.

When you select "Run as Administrator" and your user is an administrator the program is launched with the original unrestricted access token. If your user is not an administrator you are prompted for an administrator account, and the program is run under that account.

Credit to: arx

See here for more reading:

How User Account Control Works

User Account Control Documentation

TheCleaner
  • 32,352
  • 26
  • 126
  • 188
  • 3
    So disabling UAC removes the need for 'Run as Administrator' when on an administrator account? – Mast Mar 06 '15 at 10:32
  • 4
    @Mast but also decreases security, as every application you run now has administrator privileges by default. –  Mar 06 '15 at 12:40