QA #15 Start program as administrator or different user

Question

Start program as administrator permanently or as different user

In some cases users don’t have administrator rights on their workstations. That is a good approach from a security point of view, but it can be inconvenient for someone who uses a lot of different software, some of which needs administrator rights. The first thing that comes to mind is “OK, let’s grant local administrator permissions to this user”. Not really. Of course it’s always better to grant only local administrator privileges rather than domain admin, but don’t use big solutions for small cases. So what can we do? Start the program as administrator permanently, or as a different user?

Answer

There are a few approaches to this. First of all, it’s always better not to grant admin rights to the end user. If an application needs elevated rights and UAC keeps asking for an administrator account, you should find out why. To do this you can use analysis tools. On the page https://technet.microsoft.com/en-us/library/dd919180(v=ws.10).aspx you can find information about tools that help determine why a user without admin rights can’t start a program. You can determine which component is affected and then assign the necessary permissions. For example, some registry keys may require a rights adjustment for the standard user. After this investigation the problem is solved in most cases. If not, you can use the runas /savecred command in the program’s shortcut:

  • Edit the program’s shortcut settings and add the following text before the program path in Target: runas /user:.\adminaccount /savecred
  • You should have an admin account prepared for this delegation.
  • After that, when the program is started for the first time, a cmd window will be shown and you will be asked to provide the administrator password once. The credential is stored encrypted, so you will be asked only one time.
  • The program will always be started with admin rights. You can also specify another user account there to start the application as a different user.
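
Because /savecred keeps the administrator credential in the user's Windows credential store rather than in the shortcut itself, it helps to know where it is in use. The following PowerShell inventory is an added example, not part of the original answer; the function names and the folder list are illustrative, and the `interactive=` pattern is an assumption about how `cmdkey /list` displays credentials saved by runas.

```powershell
# Added example: inventory runas /savecred usage for the current user.
# Assumption: shortcuts live in the usual Desktop and Start Menu folders.

function Get-SaveCredShortcut {
    param([string[]]$Path)
    $shell = New-Object -ComObject WScript.Shell
    foreach ($root in ($Path | Where-Object { $_ -and (Test-Path $_) })) {
        Get-ChildItem -Path $root -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
            ForEach-Object {
                $lnk = $shell.CreateShortcut($_.FullName)
                # runas can be the target itself or be passed through cmd.exe in the arguments
                $commandLine = "$($lnk.TargetPath) $($lnk.Arguments)"
                if ($commandLine -match '(?i)\brunas(\.exe)?\b' -and
                    $commandLine -match '(?i)/savecred') {
                    [pscustomobject]@{
                        Shortcut  = $_.FullName
                        Target    = $lnk.TargetPath
                        Arguments = $lnk.Arguments
                    }
                }
            }
    }
}

function Get-SavedRunasCredential {
    # cmdkey /list prints the entries of the current user's credential store.
    # Assumption: entries saved by runas contain "interactive=" followed by the account name.
    cmdkey /list |
        Where-Object { $_ -match 'interactive=' } |
        ForEach-Object { $_.Trim() }
}

$folders = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('CommonDesktopDirectory'),
    [Environment]::GetFolderPath('StartMenu'),
    [Environment]::GetFolderPath('CommonStartMenu')
)

# Shortcuts that launch a program through runas /savecred
Get-SaveCredShortcut -Path $folders | Format-List

# Saved credentials that such shortcuts rely on
Get-SavedRunasCredential
```

Run it in the standard user's session, since both the shortcuts and the credential store are per user. A saved entry that is no longer needed can be removed with `cmdkey /delete:` followed by the target name shown in the list.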