Getting console2 to work nicely with UAC

18

5

I would like to get console2 to work nicely with UAC

Particular problems I would like to tackle:

  • If I start non-elevated, have a way to elevate while running. It'd be especially nice if I could elevate individual tabs
  • I would like to get different coloring for admin/non-admin, similar to: this link. Basically, if I can get the console to execute a command on startup (similar to the HKLM\Software\Microsoft\Command Processor\AutoRun registry value), that's all I need

How do I get this working? Would I have to modify source code to get this to work, or can I use different tab settings/do hacks w/ shell executables?

I am using Windows 7, although I would imagine any working solution would also work on Vista.

Merlyn Morgan-Graham

Posted 2010-09-01T06:01:14.250

Reputation: 1 322

6@harry - If you want to be entirely pedantic: This Q&A site is not a forum. And there's nothing wrong with self answering if you have a valid answer, which I personally think the OP does, because he's fixed part of the problem. – DMA57361 – 2010-09-01T10:53:45.587

1@harrymc: which part of my usage do you disagree with? "How do I get this working? Would I have to modify source code to get this to work, or can I use different tab settings/do hacks w/ shell executables?" is the question. The answer I gave is what I found out while searching myself, which as harry says, is a valid usage of the site. – Merlyn Morgan-Graham – 2010-09-01T16:23:09.987

3

@harrymc: and if you read http://superuser.com/about, it absolutely is intended as a blog. Not that I used it in that manner

– Merlyn Morgan-Graham – 2010-09-01T16:24:02.107

Answers

6

Do you want to try ConEmu? I'm an author of this console emulator. You may run selected tabs elevated, or under specified credentials. And you may specify different palette for elevated consoles (or specified applications).

New tab parameters

Maximus

Posted 2010-09-01T06:01:14.250

Reputation: 19 395

Not sure if this qualifies as an answer for this question, but I'm interested in software like this in general. I'll give it a shot :) – Merlyn Morgan-Graham – 2012-06-11T16:41:48.340

I think should be considered as an answer. It's much easier to setup to run as administrator and just as easy to change behavior(ie color) when running "elevated" – Eric L – 2013-04-14T13:27:07.890

The trouble is, this option hasn't got the same feel as Console2. – Umber Ferrule – 2014-06-06T13:59:54.357

@UmberFerrule Trouble? Feel? It's different and more powerful. – Maximus – 2014-06-06T17:20:35.380

4

I solved part of it.

I would like to get different coloring for admin/non-admin

For some reason, bcdedit.exe is not showing up in the system32 directory when running within Console2 (Not sure why?). So, I had to find another command instead of using the one I found at the link in my question. I found another "do-nothing" command that would allow me to differentiate between admin/non-admin, that is visible in Console2.

In Console2, I set the shell option to:

%ComSpec% /k secedit /validate %ComSpec:cmd.exe=%ieuinit.inf >nul 2>nul && (color FC && title ADMIN) || (color 07 && title NONADMIN)

As far as this question...

If I start non-elevated, have a way to elevate while running. It'd be especially nice if I could elevate individual tabs

There are already a planned feature and related feature requests.

You can't work around this at this point. You can't start the app as LUA, and simply elevate specific prompts, because Console2 can't subsume applications w/ higher level access. It will only work the other way around. I think it would require the program to run elevated, but start via a non-elevated process, so it can shim in and start a non-elevated process. This is sometimes called a bootstrap.

I have tried PsExec, and it didn't work quite right. It stripped some admin rights out, but was still using an elevated token.

Basically, it won't be possible to get both elevated and LUA consoles in tabs of the same Console2 session, without a source change. But you can simply click the taskbar icon or shortcut with Ctrl + Shift + Click to launch as admin in a separate session.

Edit: I found that if you're using ansicon along with a command line tool that outputs color (like git), then this will be slightly broken. Try this command instead:

%ComSpec:cmd.exe=%secedit.exe /validate %ComSpec:cmd.exe=%ieuinit.inf >nul 2>nul && (color FC && title ADMIN) || (color && title NONADMIN)

If you're in admin mode, the red color will override the colors the command outputs, but there isn't an easy way to fix this. However I find that you shouldn't be doing a lot of work in admin mode anyhow. Hence UAC and hence the special colors we're adding.

Merlyn Morgan-Graham

Posted 2010-09-01T06:01:14.250

Reputation: 1 322

@jcollum It's still doing this after so many years. :( – blissfool – 2014-11-10T20:31:08.820

It's possible with the latest versions of Console2, as you surely know. – paradroid – 2011-05-05T20:11:42.197

@paradroid: I didn't know that since I haven't used it in a while :) Can you post this as an answer, and provide some extra details as to what it enables? If you do, and it gives good info, I will accept it. – Merlyn Morgan-Graham – 2011-05-05T20:14:31.820

@Merlyn: Well Console2 enables you to open tabs as different users now, but I am not sure how it handles UAC, as I only use domain admin accounts usually, so I cannot give you a complete enough answer at the moment. – paradroid – 2011-05-05T20:18:57.013

BTW, your profile said that you had not been on the site for around a month, so how did you get any notification of my comment so quickly, out of curiosity? RSS? – paradroid – 2011-05-05T20:20:00.180

@paradroid: I use stack overflow nearly constantly, and my account is linked. Saw the notification in my inbox :) – Merlyn Morgan-Graham – 2011-05-05T20:24:19.540

@Merlyn: Oh of course, I forgot about that. – paradroid – 2011-05-05T20:26:28.663

1@MerlynMorgan-Graham for anyone else who tries using "as user" in Console2, I found that Console2 kinda freaks out when you do this. I tried it to get PowerShell scripting to work with RemoteSigned execution. When I started the Powershell tab as an admin user, Console2 turned into a window that was 40px wide and 80px tall and couldn't be resized. So it was weird. – jcollum – 2012-03-29T15:34:09.027

0

If you are willing to deal with a UAC popup every time you create a tab then you could go to Edit > Settings > Tabs, in the Shell section check Run As User then put in a user name and now a popup will appear and you can change the name. If you are an admin and login it will be elevated; if you are standard and login it will be standard :) Hope it helps.

Yusuf Bham

Posted 2010-09-01T06:01:14.250

Reputation: 1

Asked: 2010-09-01T06:01:14.250

Viewed: 5 338 times

Active: 2017-04-18T18:36:14.427