running my game with admin privs on windows 10 -- task scheduler problems

I have an old game my wife and I like to play; I've installed it on a brand-new windows 10 machine and it runs fine from the command line and from double-clicking the executable in File Explorer.

However, it always displays the UAC "Do you want this program to make changes" prompt when it is run that way, and I'm trying to run the game without that.

Various instructions point me to the task scheduler: create a task, give it "highest privileges", allow it to run on demand, then create a shortcut to run that task.

So I create the task in Task Scheduler, and instructions reasonably suggest testing it to run from there, and that's where I'm stuck now. I can't seem to get the game to run by having Task Scheduler run the task I created.

Under "General" (in task scheduler properties for this task) I have "run only when user is logged on", "run with highest privileges", and "configure for Windows 10". Triggers is empty. Actions has "Start a program" and the full pathname including the executable name and ".exe". Under conditions I unchecked "start the task only if the computer is on AC power", and didn't check any of the other boxes.

If I right-click the task and choose 'Run', it changes the task status to "Running" but nothing else happens. If I go to a privileged command prompt and try to use "schtasks /run /tn taskName", I get a message saying it started the task successfully and nothing else happens.

I suppose I should mention that this game is a "full-screen" game; all normal Windows windows disappear and this is the only thing on the screen. I don't know, of course, whether that makes any difference.

One other oddity -- I thought perhaps changing the default option of "Start the task only if the computer is on AC power" might be a problem, so I went back to the task properties and attempted to change that. When I do that I get something like "the task xml contains a value which is incorrectly formatted or out of range". I would expect to get an error attempting to run the task, in that case, but thought I would mention that for what it's worth.

The game is "Caesar III", in case that matters to anyone. How would I get this to run without the UAC prompt, whether through task scheduler or otherwise?

rcook

Posted 2018-04-18T11:14:58.803

Reputation: 135

Even if you used the task scheduler method you would still have to escalate the programs permissions – Ramhound – 2018-04-18T11:30:43.457

Is that additional click really that much of a problem? I suppose you've already spent more time on researching how to avoid it than you'd spent clicking it for the rest of your lifetime. – gronostaj – 2018-04-18T12:36:39.030

@Ramhound Task Scheduler has a checkbox for running with "highest permissions" -- I don't remember the exact placement and wording -- but I thought that would take care of the permissions issue. – rcook – 2018-04-18T13:13:39.927

@gronostaj I also configure these things for my wife; it annoys both of us, but of course annoying her is a bigger issue. Besides, I'd like to understand better how it works, to the extent of knowing how to get rid of this extra prompt. There really ought to be a way. – rcook – 2018-04-18T13:15:05.520

@rcook - I am here to say you are mistaken. By default, any escalation in an application's permission will result in a UAC prompt, even if you are running as an Administrator (note: the built-in Administrator account is something else entirely). Windows 7 by default did not work like this, and you could also change the UAC behavior in Windows 7, with Windows 8 even the lowest security setting still results in a UAC prompt. It sounds like you should be running Windows 7, not Windows 10. – Ramhound – 2018-04-18T13:29:36.747

Play it online? https://epicport.com/en/caesar3 EDIT: Nevermind, this is a terrible terrible port. Amusingly bad.

– Michael Frank – 2018-04-19T10:16:15.540

@rcook ; I know you're looking for an answer that doesn't disable UAC but gets rid of the prompt, but the problem here is, there likely isn't one. Increased security in Windows and the fact that Caesar III is 20 years old this year. That it even runs in Windows 10 without being a GoG port is a little surprising. Have you considered running WinXP in a virtual machine for this purpose? – CDove – 2018-04-19T14:30:55.017

Well, it's from GoG, I don't know if that makes it a GoG port. I had NOT considered a VM, thanks for the suggestion. – rcook – 2018-04-19T18:21:34.750

Answers

Task scheduler is the wrong place to look. It's a workaround, but you're fighting against UAC (User Account Control). The default settings for this require any application which requests administrative access to have the go-ahead from the user, thus the prompt.

Before you do the following, check your shortcut properties and make sure the application is not set to run as Administrator. If it is, untick that box and the problem should go away. If not, please proceed.

UAC isn't a bad thing (as much as it once was). It's an import from a Linux permissions concept to protect you from applications that are malware and attempt to hijack your machine via administrative privileges. It aggressively controls the Program Files and Program Files(x86) folders, where you likely have your game installed, to prevent the user from installing something that seems innocent but isn't (i.e. a credit monitoring app that is really just there to install a keylogger, 20 toolbars, and steal your identity). For this reason, I advise tolerating the popup unless you really know what you are doing and how to secure your computer.

If you're savvy to secure the computer like a pro, or just decide not to take my advice, here's how to mess with your UAC settings:

Open Control Panel
Select User Accounts and Family Safety
Select User Accounts
Change User Account Control Settings
Adjust the slider to a lower setting, or all the way down to disable UAC.

Note that most modern applications are not flagged by UAC. Older games (yours included) often requested Administrative permissions or attempted to write to protected folders, and were just allowed to do so. In your case, the shortcut is routing to a protected folder and UAC doesn't like how it's doing it, which is probably your root cause.

CDove

Posted 2018-04-18T11:14:58.803

Reputation: 1 155

"If you're savvy to secure the computer like a pro [then you can disable UAC]" - just no. There's way too much stuff happening silently in a modern OS for any human to keep tabs on. Disabling UAC always comes with risk and one should always be aware of that when disabling it, no matter how computer-savvy they are. – gronostaj – 2018-04-18T12:34:58.740

@gronostaj I agree, I don't want to disable UAC for the whole machine for myself and my wife. I find it a useful warning that something is doing something outside an application's normal bounds. But I don't need the warning on this (and probably several other) specific programs. – rcook – 2018-04-18T13:16:17.223

Since the program was written before UAC, I rather doubt that it is "requesting permissions". I suspect, from other reading done in the last hour or two, that it is regarded as privileged by Win10 because it is located in the Program Files folder. After work I'm going to move it and see if that helps. Thanks for the answer. – rcook – 2018-04-18T13:17:41.500

2The not requesting is usually the problem there. Some older apps just assumed the user was the administrator and behaved as if they were. – CDove – 2018-04-18T13:20:30.087

"hat it is regarded as privileged by Win10 because it is located in the Program Files folder." - This is false. The desired application directory is Program Files, where an application stores its data files (i.e. your save files), is something else entirely and would require permissions escalation if by default the program saved files in its application directory but the desired location has always been a user's directory since Windows XP was released. The problem is indeed, a case where program assumes, it's running as an Administrator. – Ramhound – 2018-04-18T13:28:25.050

Going back over this, I'm puzzled by "Task scheduler is the wrong place to look." If it would eliminate the prompt, is there something wrong with the solution? I know it is telling me a useful thing, that's why I don't want to eliminate it from the machine in general. But I would like a way to tell the machine that this particular program has my permission any time I run it, and not have to give permission every time I run it. There is no use in the warning for every single time I run this program. – rcook – 2018-04-19T11:22:44.763

I would look at gronostaj's answer (which is sort of like a long addendum or comment) for the details on why the prompt is recurring. Task Scheduler is really there for when you need to...well...schedule tasks. For instance, if you needed to run an application every day at 5:00PM, that's where you do it. Using it to get around UAC is a little hacky and doesn't always work. You've essentially run smack into the age of the game predating modern security measures. If GoG has it, you may wish to get it there, as they do indeed resolve this problem on most old executables before sale. – CDove – 2018-04-19T11:29:04.047

I find it a useful warning that something is doing something outside an application's normal bounds. But I don't need the warning on this (and probably several other) specific programs.

Here's how UAC works:

Since Windows Vista programs aren't given administrative privileges by default. Even if your account is an administrator, programs aren't allowed to perform administrative actions unless they are started with elevated permissions. If a program tries to perform a restricted action without elevated permissions, it will fail.

The UAC is not just a warning you can dismiss. It informs you that if you let this program run, it will be possible to do whatever it wishes, including:

Running other programs with elevated privileges
Changing other programs' files
Altering security settings
Damaging Windows

You can either choose to trust the program not to do anything destructive and run it, or to prevent it from running.

If the program is ran without elevated permissions, the UAC popup won't appear, but it will also fail as soon as it attempts to do something forbidden for regular users. This will most likely result in a crash.

There's no middle ground: you either have to explicitly elevate privileges each time, or to run the program without elevated privileges. It's a sane security model: you don't perform administrative tasks daily. In a normal workflow you shouldn't see UAC in action too much. Unless you're using programs that don't care about security.

Since the program was written before UAC, I rather doubt that it is "requesting permissions".

It's a bit more complicated than that.

Basically any process can request to launch another process with elevated privileges. Most common causes for a program to be launched with elevated privileges are:

UAC manifest. Developers can embed a manifest inside their executables that enforces running them with elevated privileges. When starting an executable, Windows will check for this manifest and if it's present, the program will always run as administrator.
UAC attribute in executable's (or shortcut's) Properties, on the Compatibility tab. If it's present, Windows will elevate the program.
Compatibility settings in properties. Again, some settings on the Compatibility tab in Properties can force elevated privileges. For example enabling compatibility with pre-Vista systems does this.
Additional compatibility settings. Compatibility Toolkit is an add-on that allows for fine-grained control over some compatibility features. Again, some of these may enforce privilege elevation.
Default compatibility policies, maybe? I'm not sure about this, but I suspect Windows has some heuristics that decide which apps should be run with elevated privileges even if they aren't explicitly enabled. Vista had some features that were built to ease the transition to UAC, for example the VirtualStore. There may be more.

Most likely the game requests administrative privileges because it uses administrative features. Back then nobody cared about this stuff. Programs were putting their files everywhere: Program Files, Windows directory, you name it. These are protected locations.

There are also some compatibility features that just need UAC to function properly. As far as I remember some legacy graphics settings can only be used as an administrator.

Long story short:

If the game asks for elevated privileges, then you can safely assume it HAS to.

It's not just a warning. It's a crucial part of the security model.

By the way, if you've bought the game on GOG.com, then you most likely didn't get the original executable released in 1999. GOG.com is patching their games so that they run on modern hardware and operating systems. They may be adding their UAC manifest to the EXE if they have figured out it's necessary.

gronostaj

Posted 2018-04-18T11:14:58.803

Reputation: 33 047

-1

Try to right click the application .exe file run it as Administrator.

You could also right click on the application shortcut or application .exe file -> Properties -> Compatibility tab -> "Run this program as an administrator" box -> OK.

Circle_F

Posted 2018-04-18T11:14:58.803

Reputation: 124

Yeah. That doesn't eliminate the prompt. – rcook – 2018-04-19T11:19:43.990

That will actually create the prompt. This commands the executable to try to run with administrator privileges...which will then trigger the prompt even if the executable weren't trying to do administrative things normally. This is a fix for making older games work, but not for getting rid of the message. – CDove – 2018-04-19T14:26:38.937

If you use built-in administrator account, it will not occur the prompt. – Circle_F – 2018-04-20T01:58:59.183

Correct, but that account is not active by default in Win10; one of the wiser MS security moves was to stop defaulting the first account from being the do-all, be-all administrator and make "Administrator" separate from just being in the Administrators group. Using that account just to run an app is arguably worse than disabling UAC. – CDove – 2018-04-20T11:37:01.367