1

I need to allow a non-admin network user to run a specific exe as local administrator on Windows 7. Basically what I need is not to be prompted for admin credentials when I run that specific exe which updates existing software. First of all I gave user full access to folders containing all files which should be changed, but it still asked for credentials. I've read about making a shortcut with "runas /user[...] /savecred" but this will allow user to do so for any executable. Finally I've tried with scheduled tasks, ticking "Run with highest privileges" and doing all the procedure correctly, but when I try to run the task I keep getting prompted for admin credentials... I've tried this last step both with running the exe directly and through cmd (correctly passing the exe as parameter). Same results.

I have no idea what else to try...

Andrea de'Rose
  • 11
  • 1
  • Phills answer is correct in general. Scheduled Tasks can perform administrative tasks. You have to set them up so they get executed by a specific user, in case of administrative functions it should be an administrative account. I would *strongly* advise against trying to give an ordinary user administrative privileges. Either he is an administrator or he is not. Updating software requires more than just access to the folder, that's why it doesn't work. You have to have write permissions to the registry, shortcut folders, etc. A huge security risk if given to a regular user. – Broco Nov 20 '19 at 12:54

1 Answers1

0

I need to allow a non-admin network user to run a specific exe as local administrator on Windows 7.

Short answer: You can't.

A Regular user will always get tripped up by U.A.C. when they try to do something they [probably] shouldn't, like installing software.

A Scheduled Task should be able to perform this action, but it has to be run as a Local System[-type] account, not as an interactive user. The Task Scheduler is a Windows Service and runs within a privileges security context, unless you tell the Task to run as someone else. Running the Task a a Local System account should avoid the U.A.C. issue - except that you might require Administrative privileges on the machine in order to set up the Task in the first place - and the Users won't have permission to do so!

Phill W.
  • 1,336
  • 7
  • 7