Windows 10 Allowing a Regular User to Launch One Application as Admin
scottalanmiller last edited by
We've got a Windows 10 box that traditionally the customer has given admin rights to the end user because there is one simple application that runs on it that needs them. Instead of having them have system-wide administration rights (especially given that they were hit with ransomware this week) we want to lock them to only have admin rights for this single application.
Windows 10 (and all versions from Windows Vista and later) has the built-in command line tool called runas. This is purpose-built for this reason. Kind of like sudo for UNIX, but not quite the same functionality. This would be great, but requires the user to know and enter the password of the elevated account. That's great for maximum security, but might not be transparent enough for a lot of users or situations.
A free tool to get around that limitation is RunAsTool. This is a GUI tool that does something similar but allows the password to be stored.
What about using the /savecred switch?
runas /savecred /user:USER-NAME "C:\full\path\of\Program.exe"
dbeato last edited by
This is what I use
We've been doing it this way for years. :)
JaredBusch last edited by JaredBusch
Didn't read the links. But if it involves runas and saved creds, we do this.
We make a
batfile and give it the icon of the application.
That launches the application with a
Example, we have a shortcut file with this as the target.
C:\Windows\System32\runas.exe /user:domain\localadmin /savecreds "C:\AdminShortcuts\Bobcat\Bobcat.bat"
@echo off
cd \
cd Program Files (x86)
cd G2ScanBobcat
start bobcat~1.exe
We have more than one application requiring this.
JaredBusch last edited by
The first time it is used, we have to manually type the
After that it is stored in credential manager.
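An added example, not from any poster in this thread: a PowerShell audit that lists the credentials `runas /savecred` has left in a user's Credential Manager. The stored credential belongs to the account rather than to the one program in the shortcut, so it is worth knowing which accounts are saved. Assumptions: English-language `cmdkey /list` output, and that runas entries have a target starting with `Domain:interactive=`; the function name and the sample output are constructed for illustration.

```powershell
# Added example (not from the thread): find credentials saved by "runas /savecred".
# Assumption: cmdkey prints each entry as "Target:", "Type:" and "User:" lines
# (English locale), and runas entries have a target "Domain:interactive=<account>".

function Get-SavedRunasCredential {
    param([string[]]$CmdkeyOutput)

    $entry = $null
    foreach ($line in $CmdkeyOutput) {
        $text = $line.Trim()
        if ($text -match '^Target:\s*(.+)$') {
            # A new Target line starts a new entry and discards any partial one.
            $entry = [ordered]@{ Target = $Matches[1]; Type = ''; User = '' }
        } elseif (($null -ne $entry) -and ($text -match '^Type:\s*(.+)$')) {
            $entry.Type = $Matches[1]
        } elseif (($null -ne $entry) -and ($text -match '^User:\s*(.+)$')) {
            $entry.User = $Matches[1]
            # Emit only the interactive-logon entries that runas creates.
            if ($entry.Target -like 'Domain:interactive=*') {
                [pscustomobject]$entry
            }
            $entry = $null
        }
    }
}

# Constructed sample output, embedded so the example runs offline.
$sample = @'
Currently stored credentials:

    Target: Domain:interactive=domain\localadmin
    Type: Domain Password
    User: domain\localadmin

    Target: LegacyGeneric:target=example-app
    Type: Generic
    User: someuser
'@ -split "`r?`n"

# Returns one object: the domain\localadmin entry; the generic entry is skipped.
Get-SavedRunasCredential -CmdkeyOutput $sample

# On a live machine, run in the session of the user who launches the shortcut:
# Get-SavedRunasCredential -CmdkeyOutput (cmdkey /list)
```

An entry that is no longer wanted can be removed with `cmdkey /delete:` followed by the target shown in the listing.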