Configuring Background Tasks to Autorun as Administrator

2

3

I am trying to figure out how to run a program that requires administrator access to autorun.

Some programs like DuMeter, Speedfan, or ATI Tray Tools require administrator access to interface with the hardware. Further, they are background tasks that one wouldn't want to have to manually run on each and every boot, so they should be part of the startup.

I looked around and the closest thing to a solution that I could find was to schedule them as tasks, but that is no good because not only does it clutter the task list, but some programs need to be run as soon as possible (eg to monitor bytes transferred on the NIC, to adjust fan speeds, or set the desktop colors and refresh rates).

I considered converting them to run as services, but that seems unnecessarily excessive.

Is there a better way to autorun programs as administrator?

Thanks.


Update
Just to be clear, the method to elevate the autorun tasks should not require user input such as accepting the UAC prompt. Sure, one could disable UAC, but that is obviously not ideal.

Synetech

Posted 2010-12-10T03:34:56.227

Reputation: 63 242

Answers

0

Okay, I figured out a way to do it without too much hassle or exposing a password in the clear.

First, you’ll need to enable the administrator account. This is the most inconvenient part. I set my normal account to auto-login, but it’s annoying that the administrator account is available on the login screen, even if I never really see it. Some may complain that by exposing the administrator account, it makes the system a little less secure, but since you must set a password for the account in order to use it from the command-line anyway, that concern is moot.

The method I chose requires using some sort of SHELLEXECUTE program that supports running programs minimized. (One could use the START command built into the command interpreter CMD instead, but that would cause a command prompt window to flash whereas a windowless non-console program would avoid that.) There are plenty to choose from, but I just used one that I wrote way back when.

Now, just create a registry entry in the RUN key that calls the ShellExecute, specifying the minimize option, and using RUNAS as the program to execute. (There are other programs that can run a program using a different account if you prefer, but RUNAS comes with Windows and can save the password to avoid including it in the command-line.) Alternately, you can create a regular Windows shortcut and move it to the Startup folder.

Finally, you’ll need to pass the program (and any arguments for it) as an argument to RUNAS.

(Don’t forget to run the target program—or any program for that matter—with RUNAS, specifying the /SAVECRED option, at least once without running it minimized in order to save the password.)

The command-line to use can get pretty complex because it is a program calling a program calling a program. It gets worse if you need to specify arguments to the target program, and much worse, if you need to include spaces. The quotation mark situation can quickly become maddening, so a lot of experimentation will likely be necessary.

For example, if you use ShelExec from P.J. Naughter and want to run SpeedFan, you would use a command-line like this:

shelexec /showcmd:sw_hide /EXE runas "/params:/user:administrator /savecred ""C:\Program Files\SpeedFan\speedfan.exe"""

I should point out that I have set SpeedFan’s options to start minimized, otherwise instead of running speedfan “directly”, I would have to run a second ShellExecute program with its minimize option to run SpeedFan (a program calling a program calling a program calling a program). Getting that to work would almost certainly drive even the most accomplished computer administrator stark raving mad.

It can be a bit of work to get the command-line worked out, but it seems to work quite well for any auto-run background tasks that require administrative access. Best of all, it works for standard/limited user accounts, so you can use this method to have programs auto-run with elevated privileges without giving a UAC prompt for regular users.

(While it works nicely, it does have its down-sides, most notably that because it runs the programs indirectly, autorun managers like Autoruns, StartupDelayer, HijackThis etc. will not be able to detect which actual program is being autorun—they’ll still work and be able to disable/delete/etc., but they won’t show the right icon or file resource info.)

Synetech

Posted 2010-12-10T03:34:56.227

Reputation: 63 242

0

The programs you've mentioned usually have a RUN AT STARTUP option from within the settings - that's usually the easiest way to go.

Running the programs as tasks will allow you to run them at elevated privileges. There's an option to do just that in the "Create New Task" dialog box.

You may also check the properties of each exe file and check the box in the COMPATIBILITY page to ALWAYS RUN AS ADMINISTRATOR.

More details here - http://www.sevenforums.com/tutorials/11841-run-administrator.html

and http://www.sevenforums.com/tutorials/11949-elevated-program-shortcut-without-uac-prompt-create.html

Sparx

Posted 2010-12-10T03:34:56.227

Reputation: 1 667

The built-in autorun functions only run them without admin which limits their functions (eg Speedfan uses a different, less-functional monitoring chip when not admin). Like I said, they need to run as early as possible and scheduling them as tasks is later than in the RUN key in the registry. Using the shortcut method (ie in the Startup folder has the same problem). – Synetech – 2010-12-11T00:18:26.490

Even after specifying RUN AS ADMINISTRATOR in the COMPATIBILITY tab? – Sparx – 2010-12-11T05:35:33.800

Using that option causes a UAC prompt. Autorun tasks obviously need to run without a prompt. I'll add that to the question though just to be absolutely clear. – Synetech – 2010-12-11T06:43:18.987

0

An alternative is to use PsExec from Microsoft - it can pass on username and password to the command that needs to be run.

Sparx

Posted 2010-12-10T03:34:56.227

Reputation: 1 667

Right; that was one of the "other programs that can run a program using a different account" I was referring to. However, last I checked, it still requires putting the actual password on the command-line/registry/batch file/etc. in-the-clear. I did see another program that can run programs using a different account that can encode the password, but that is a commercial app. – Synetech – 2010-12-11T17:21:29.920

0

Running a speedfan as a scheduled task was a right idea.
In the windows 7 the task can be scheduled not only by the date/time but also it can be run with triggers.
But you need to configure it in a correct way.
Most simple way is just to copy all setting from the Skype autorun task.If you have one
And also I have added one more trigger for the task execution schedule: run at logon. (I am translating settings from my language. So translation can be not exact as you see in your english version)
Here is settings:

  1. Create new task (NOT SIMPLE TASK)
  2. at the Common tabs
  3. assign a name (Speedfan)
  4. Description: Speedfan
  5. At option to run task use the account: click the Change...-button, type in Users then click Check names if the process was succesfull you will see something like BUILTIN\Users
  6. Click EXECUTE WITH HIGHEST RIGHT checkbox
  7. Click Triggers tab.
  8. Click Create
  9. select second option in a list(at Logon)
  10. Click Ok
  11. Click Create
  12. select When you change or create the task option
  13. Click OK. The task is now ready and it will not ask an elevation anymore
  14. Select Actions Tab
  15. Click Create
  16. Leave Run program Option and Click the Browse button - select path to speedfan.exe (For example: "C:\Program Files (x86)\SpeedFan\speedfan.exe") and type your command line options in the field at the right hand side. My options are -minimize -nosmbscan. Then click Ok
  17. And finally click Ok use this to run CCC.EXE , RaidCall and any annoying autoruns.

Kitty Hawk

Posted 2010-12-10T03:34:56.227

Reputation: 1

I had already considered this and used it for a while, however I already explained the shortcomings with it in the question. – Synetech – 2013-11-18T15:57:32.333

0

I think that using the task scheduler to autostart programs is not very user friendly, and sometimes it has had side effects for me (e.g. tray icon for a program is not added).

To remedy this, I have made a program called Elevated Startup that first relaunches itself with administrator privileges, then it launches all files in a directory. Since Elevated Startup is now elevated, all the programs it then launches is also given administrator privileges. The directory is on the start menu next to the classic Startup directory, and works very much the same.

You may encounter one UAC prompt when the program relaunches itself, depending on your UAC settings.

You can get the program here: https://stefansundin.github.io/elevatedstartup/

stefansundin

Posted 2010-12-10T03:34:56.227

Reputation: 101

Asked: 2010-12-10T03:34:56.227

Viewed: 7 189 times

Active: 2015-03-09T02:22:21.300