How do I disable UAC for a specific program on my son's account?

I see a lot of answers for how to disable UAC for specific applications on one's own personal account, but I haven't seen anyone ask or answer this question.

We have a family computer. Each of us has an account, with my account being the Administrator account. My son has a game that he likes to play, but every time he starts it up, I have to type in my Administrator password. This, obviously, is quite irritating, and I'd rather simply grant him rights once and for all.

How can I do this?

Nick Hodges

Posted 2012-06-16T23:41:08.700

Reputation: 479

1what is the game? – Steve Rathbone – 2012-06-16T23:42:00.853

Do you have the ability to write and compile a program in the C or C# programming languages? – Fran – 2012-06-16T23:56:11.613

2I think taking ownership of the game's executing file will be a good idea. Also you should take ownership of the folder where the game is installed. – avirk – 2012-06-17T03:54:40.007

Answers

I was able to do this with runasspc

Download and extract in to a directory the user can access.

Launch the runasspcadmin.exe and enter in the Path to your game (C:\program files..\game.exe), your PC name where it says localhost, The admin username and password. I left all the other options at defaults. Click "Save Cryptfile"

Now the user can launch the game using the "runasspc.exe" from the extracted directory.

To make things easy you can create a shortcut on the desktop for it and re-name it to the games name. Your password information is stored in a file crypt.spc that cannot be normal read.

Screen shot

animepunkw

Posted 2012-06-16T23:41:08.700

Reputation: 416

1Even if the standard user is able to launch the app with admin credentials, it will run in a separate user session and the std user will have limited ability to interact with it. Not exactly the thing to be desired if this is a "game". – kreemoweet – 2012-06-17T05:04:42.857

it provides the username and password just as the UAC wants, he should be able to play just fine. – animepunkw – 2012-06-17T06:09:54.873

UAC cannot be disabled on a per-application basis. It would also be a very illogical thing to do: if the standard user is not to be trusted with admin-level privileges, then he/she cannot be allowed to run ANY program with such privileges. The problem is with the game, not UAC. No game should require administrative rights on (and hence the ability to destroy) your computer.

kreemoweet

Posted 2012-06-16T23:41:08.700

Reputation: 3 884

You don't need to disable it, you need to make sure the application doesn't require such permissions. While you can go and do all of this, the most secure approach is not doing this. Process Monitor can help you figure out what paths and registry keys it needs "administrator" access to, give them all administrator permissions and then just run the game as his account.

Tamara Wijsman

Posted 2012-06-16T23:41:08.700

Reputation: 54 163

Try the following:

Find the game's files in say C:\Program Files (x86), and right click the main executable file, and select 'Properties' (If you are having trouble, you can find the installation path by viewing the properties of the shortcut on your desktop).
Click on the 'Compatibility' tab, and then click on the 'Change settings for all users' button at the bottom of the window.
Deselect the 'Run this program as an administrator' checkbox at the bottom of the window.
Click 'OK' to close the window and save the preference, and then click 'OK' again to close the properties of the file.
Try running the game from your sons account, and see if it fixes the problem.

Steve Rathbone

Posted 2012-06-16T23:41:08.700

Reputation: 466

If bypassing a UAC prompt that requires a standard user to enter the Administrator password were that easy, I'd be shocked. – Fran – 2012-06-17T00:00:18.940

1yeah i'm trying to see if the game needs to run as admin at all... – Steve Rathbone – 2012-06-17T00:03:21.340

It sounds like the game is self-elevating, which may be hard to get around if it's doing that from compiled code. – Fran – 2012-06-17T00:04:58.873

@indifferentDrum, generally speaking signatures, and other things that just add "fluff" to the answer are discouraged. – soandos – 2012-06-17T04:00:16.223

@soandos no worries. – Steve Rathbone – 2012-06-17T04:09:44.107

This is doable, but you need to be able to hide the Administrator password inside a compiled program (not perfect security by any means, but good enough for your son not to learn the Admin password).

First install psexec from the Sysinternals suite (available as a ZIP file from Microsoft). psexec allows you to run programs as other users (if you know the other user's password). The below code assumes you installed it at C:\sysinternals\psexec.exe. Make sure your son's account can run the program. This will require change the security settings on psexec.exe to grant read and execute permission to your son's account.

Then compile the below C program into an executable (let's call it rungame.exe), but change the code to have the correct pathnames to psexec and the game, and also change the code to set the actualy Administrator password one character at a time (see the comments in the code). This is how we obfuscate the Administrator password inside the EXE. If you lack a Microsoft compiler (e.g., Visual Studio), you can install Cygwin, which has the GCC compiler.

Then give rungame.exe to your son (but not the source code, obviously). When he wants to run the game, he launches rungame.exe, which will launch the game as Administrator without prompting for the password.

#include <windows.h>
#include <stdlib.h>

// Be sure to use double-backslashes as path separators in this pathnames!

char * psexec = "C:\\sysinternals\\psexec.exe";   // <-- CHANGE THIS PATH AS NEEDED
char * game = "C:\\path\\to\\game\\program.exe";  // <-- CHANGE THIS PATH AS NEEDED

int main()
{
    char cmd[1024] = { 0 };
    char pw[128] = { 0 };

    // Create the password ("hello" in this example) so that it does not appear as a string in the
    // compiled version of this program.
    pw[4] = 'o';
    pw[3] = 'l';
    pw[2] = 'l';
    pw[1] = 'e';
    pw[0] = 'h';    

    strcpy(cmd, "\"");
    strcat(cmd, psexec);
    strcat(cmd, "\" -d -u Administrator -p \"");
    strcat(cmd, pw);
    strcat(cmd, "\" \"");
    strcat(cmd, game);
    strcat(cmd "\"");

    system(cmd);

    return 0;
}

Fran

Posted 2012-06-16T23:41:08.700

Reputation: 4 774

BTW, I tried doing this with a batch script, but I couldn't find a combination of security settings that let the script be executable by the target user without also being readable by that user. I don't think that's possible, which is why I went with a compiled program to hide the Administrator password. – Fran – 2012-06-17T15:59:59.313