as a domain member, 'run with administrative privileges' always asks for hostname

Since we run Windows 7-clients in our windows-server domain I have a specific use case that has become more inconvenient:

On the client-site, being logged-on as an user with restricted rights and having the user account control (UAC) activated on the highest level, you can run an application with administrative privileges by right-clicking onto it and choosing “Run as administrator”.

After that, a popup window is shown and asks for the username and password.

As a domain member you now have to enter your full hostname with a backslash following and the user name with administrative privileges (e.g. Administrator) in order to authenticate as local administrator.
On XP-machines you simply had to type in “Administrator” for the username.

That makes administration more inconvenient if you run various Windows-7 clients in a company, because you always have to lookup the hostname for the machine on which you want to run something with administrative privileges.

Is there a registry setting or a good workaround that lets you authenticate as administrator without having to enter the hostname for the machine, but not using tools like "RunAsSPC" or "Steel RunAs"?

Master of Celebration

Posted 2010-12-06T12:43:23.563

Reputation: 257

Answers

When you want to authenticate to the local computer, you can use a dot instead of the hostname. This doesn't make the issue go away entirely, but at least it prevents you from having to look up hostnames since . works everywhere.

Username: .\Administrator
Password: *******

In certain contexts, localhost will work instead. I haven't yet found a situation where either . or localhost doesn't work, but I'm sure there is one somewhere.

Stephen Jennings

Posted 2010-12-06T12:43:23.563

Reputation: 21 788

How about creating a domain account and/or group that has administrative access to the client PC's and login as that account. Or depending on your access you can always login as a domain admin, who will have admin rights on client PC's. That also means that you don't have to manage local accounts on each PC.

Or if the point is to give your users admin access on their own PC's you could just add their domain account as an administrator to the client PC.

I guess it depends on exactly what your usage scenario is.

shf301

Posted 2010-12-06T12:43:23.563

Reputation: 7 582

almost a good solution, but I need to keep the user accounts with restricted rights (to prevent virus attacks) and can NOT use a shared domain account (which could be in the local group of administrators), because every machine's administrator password shall be different from the other's. – Master of Celebration – 2010-12-06T14:12:00.580

If the logon account is already an administrator, you can set UAC through Local Policy changes to "Prompt for consent" or "Prompt for consent on the secure desktop".

For the Home version of Windows, there is a registry hack that sets this in :
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System.
Double-click ConsentPromptBehaviorAdmin and set its value to:
2 - Prompt for consent on the secure desktop
4 - Prompt for consent

The much-simpler Consent dialog, where one only has to click Continue, looks like:

harrymc

Posted 2010-12-06T12:43:23.563

Reputation: 306 093

yes, I knew about that. But as I explained in my briefing, the user's account has restricted rights only – Master of Celebration – 2010-12-06T14:06:54.737

1Then in the case of a totally restricted user, the only solution I see is to write a script that does it for you: Picks up the machine name, asks for account & password and does the RunAs. You can add this script as a shell-extension, to be available in the right-click menu. – harrymc – 2010-12-06T14:52:34.067

well, I'd rather prefer "Stephen Jennings" solution :-) – Master of Celebration – 2013-01-03T14:00:46.343

Me too, even though it was posted just 2 years ago. – harrymc – 2013-01-03T14:47:15.410

You can also, look for the location folder of that application and add the user in the security of the folder, to allow all access. It work for me, when I did it. hope this will help you.

P.S. when your going to do this, you should use and administrator user.

LEO

Posted 2010-12-06T12:43:23.563

Reputation: 1

I think this would be a very suitable comment, but not so much as an answer. – RockPaperLizard – 2015-04-16T02:20:23.660

I tried editing my comment, but the SE site had an error. I wanted to mention that perhaps adding more details would really help your answer. – RockPaperLizard – 2015-04-16T02:26:07.793