0
Running a Windows Server 2016 TP4 (you can think of it as Win10). There is an Admin account and a standard user account. Talking about local accounts here. No domain yet. The program I need to run requires elevation. The issue is with running it from the std user account.
This is NOT a duplicate of hundreds of identical questions. The solution to create a task and run the task by shortcut is not working here. Running the task by shortcut from the Admin account does work, but not from the std account.
Since I want this program to always be running, I created a task that will start it at logon of any user. But same results as with the above method. It works only for the admin account. The exe is not started.
Setting the task to run at computer startup (rather than at user logon) DID actually work, but then it runs in session ID 0, and I need the user to be able to interact with the program.
I tried adding it to HKLM\Software\Microsoft\Windows\CurrentVersion\Run, same results. In HKCU, same results.
Tried a logon script by GPO to start the exe, same results. Tried the logon script at computer startup, but as expected, it runs in session ID 0 :(
Tried logon script set directly on the user profile, same results.
I tried the all the above methods with a few other processes that require elevation, same result with all of them. None of them can start an elevated process for the std user. Event viewer isn't showing anything on this. I'm thinking there's some new protection something that preventing it.
Any ideas?
Dr.Ping
Posted 2016-03-01T21:45:33.567
Reputation: 159
You keep talking about getting the "same results", but haven't really explained what results you're actually getting, other than saying it doesn't work. In what way does it 'not work' when run from the standard account? Any error dialogs? What program is this, or what is it supposed to actually do? Have you determined what it is that the program is attempting to do that requires Admin privileges? – Ƭᴇcʜιᴇ007 – 2016-03-01T22:16:30.237
If you set your task to trigger when a user logs on, but set the task to run it with an administrator account, what happens? – Ƭᴇcʜιᴇ007 – 2016-03-01T22:18:16.660
I thought I explained it well enough. Results that I'm getting is that the process does not start. No error or any denials messages in any of the attempts I described. Also nothing in the event viewer. Obviously when I set the task to trigger at user logon I set it to run with the Admin account, and "Run with highest priviliges". BTW, I also tried that as a separate task only for the std user, and "Run with highets priviliges – Dr.Ping – 2016-03-01T22:49:49.023
As I said, at this point I'm pretty confident that it's nothing about this particular program, but rather some security something in the OS. Because I tried all those things with a few other stuff, all with the same results. Maybe something that can be disabled via group policy or registry change. – Dr.Ping – 2016-03-01T22:54:38.693