When started, many programs request elevation (a shield on the app icon), although they don’t actually need administrator privileges for normal operation. For example, you can manually grant your users permissions on the app folder in Program Files and/or on the registry keys used by the program. When such a program is started under a non-admin user account, a UAC prompt appears and the user has to enter an administrator password (if User Account Control is enabled on the computer). To get around this, many users simply disable UAC or grant admin privileges to a user by adding the account to the local “Administrators” group. Neither method is safe.
Why do some Windows apps not run under standard users and require administrator permissions?
An app may need administrator privileges to modify some files (logs, configs, etc.) in its own folder in C:\Program Files (x86)\SomeApp. By default, users don’t have edit (write and modify) permissions on this directory, so the program needs administrator permissions to work normally. To solve this problem, you have to manually grant the modify and/or write permission for a user (or the built-in Users group) on the app folder at the NTFS file system level.
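A narrower variant of the grant described above, as an added example that is not from the original article: it gives the built-in Users group Modify only on the subfolder the app writes to (`Logs` is an assumed name) rather than on the folder holding the executables, which a standard user could otherwise replace. Run it from an elevated PowerShell session.

```powershell
# Added example. SomeApp is the article's placeholder; the Logs subfolder is an assumption.
$appDir  = 'C:\Program Files (x86)\SomeApp'
$dataDir = Join-Path $appDir 'Logs'          # hypothetical folder the app writes to

# Built-in Users group by well-known SID, so the script also works on localized Windows.
$sidType = [System.Security.Principal.SecurityIdentifier]
$users   = $sidType::new('S-1-5-32-545')

# Allow Modify on the data folder and on everything created below it.
$rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
    $users, 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$acl = Get-Acl -LiteralPath $dataDir
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $dataDir -AclObject $acl

# Check: list write-capable Allow entries for Users on the folder that holds the binaries.
# No output means standard users still cannot write next to the executables.
$write = [System.Security.AccessControl.FileSystemRights]::Write
(Get-Acl -LiteralPath $appDir).GetAccessRules($true, $true, $sidType) |
    Where-Object { $_.IdentityReference -eq $users -and
                   $_.AccessControlType -eq 'Allow' -and
                   ($_.FileSystemRights -band $write) } |
    Format-Table IdentityReference, FileSystemRights, IsInherited
```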
How to run a program that requires admin privileges under a standard user?
Earlier we described how to disable a UAC prompt for a certain app using the RunAsInvoker parameter. However, this method is not flexible enough.
You can also use RunAs with the administrator password saved in the Windows Credential Manager using the /SAVECRED option. It is also insecure because the user can use the saved administrator credentials to run any program on this computer.
Let’s consider an easier way to force any program to run without administrator privileges (without entering the admin password) and with UAC enabled (Level 4, 3 or 2 of the UAC slider).
Let’s take the Registry Editor as an example — regedit.exe (it is located in the C:\Windows\ folder). Notice the UAC shield next to the app icon. This icon means that elevation of privileges via UAC will be requested to run this program.
If you run regedit.exe, you will see a User Account Control window asking for the administrator credentials (“Do you want to allow this app to make changes to your device?”). If you do not provide a password and do not confirm elevation, the app won’t start.
Let’s try to bypass the UAC request for this program. Create the text file run-as-non-admin.bat containing the following code on your Desktop:
cmd /min /C "set __COMPAT_LAYER=RUNASINVOKER && start "" %1"
To force regedit.exe to run without administrator privileges and to suppress the UAC prompt, simply drag the EXE file you want to start onto this BAT file on the desktop.
Then the Registry Editor should start without a UAC prompt and without entering an administrator password. If you open the Task Manager and add the Elevated column, you will see that the regedit.exe process is not elevated (it runs with non-admin user permissions).
Try to edit any parameter in the HKEY_LOCAL_MACHINE registry hive. As you can see, a user cannot edit the item in this registry key (the user doesn’t have write permissions to the system registry keys). But you can add or edit registry keys and parameters in your user hive — HKEY_CURRENT_USER.
In the same way you can run any app using the BAT file. Just specify the path to the executable file.
Set ApplicationPath="C:\Program Files\SomeApp\testapp.exe"
cmd /min /C "set __COMPAT_LAYER=RUNASINVOKER && start "" %ApplicationPath%"
You can also add a context menu item that lets you run any app without elevation. To do it, create the RunAsUser.REG file, copy the following code into it, save it and import it into the Windows registry by double-clicking the reg file (you will need administrator permissions to apply this change).
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\*\shell\forcerunasinvoker]
@="Run as user without UAC privilege elevation"

[HKEY_CLASSES_ROOT\*\shell\forcerunasinvoker\command]
@="cmd /min /C \"set __COMPAT_LAYER=RUNASINVOKER && start \"\" \"%1\"\""
After that, to run any application without the administrator privileges, just select “Run as user without UAC privilege elevation” in the context menu of File Explorer.
How to Bypass UAC with RunAsInvoker in __COMPAT_LAYER?
The environment variable __COMPAT_LAYER allows you to set different compatibility levels for the applications (the Compatibility tab in the properties of an EXE file). Using this variable, you can specify the compatibility settings to be used when starting a program. For example, to start an app in Windows 8 compatibility mode and 640×480 resolution, set the following:
set __COMPAT_LAYER=Win8RTM 640x480
The __COMPAT_LAYER variable has some options we are interested in. There are the following parameters:
- RunAsInvoker – run an app with the privileges of a parent process without the UAC prompt;
- RunAsHighest – run a program with the highest-level permission available to the user (the UAC prompt will appear if a user has the administrator privileges);
- RunAsAdmin – run an app as administrator (the UAC prompt appears each time).
The following CMD code enables the RunAsInvoker mode for the current process and runs the specified program without elevation:
set __COMPAT_LAYER=RUNASINVOKER
start "" "C:\Program Files\MyApp\testapp.exe"
Enable RunAsInvoker Mode in the EXE File Manifest
As we said above, Windows 10 displays a UAC shield icon for programs that require elevation to run. Developers set this requirement in the program manifest when compiling the application.
You can edit the manifest of any exe file and disable the requirement to run the program in elevated mode.
To edit the program manifest, you can use the free Resource Hacker tool. Open the executable file of the app in Resource Hacker. This example uses the Autologon.exe tool by Sysinternals, which can be used to automatically log into Windows without a password.
In the tree on the left, go to the Manifest section and open the program manifest. Pay attention to the following xml section:
<requestedPrivileges>
  <requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>
</requestedPrivileges>
It is thanks to the requireAdministrator option that Windows always tries to run this program as an administrator.
Change requireAdministrator to asInvoker and save the changes to the exe file.
Note that now the UAC shield has disappeared from the program icon, and you can run it without asking for administrator password with the current user permissions.
In this case, you can force the program to use an external manifest file. Create a plain text file appname.exe.manifest (for example, Autologon.exe.manifest) in the directory with the exe file and copy the manifest code from Resource Hacker into it. Change requireAdministrator to asInvoker. Save the manifest file.
To have Windows always try to use the external manifest file when launching exe files, enable a special registry parameter:
REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide" /v PreferExternalManifest /t REG_DWORD /d 1 /f
Restart Windows and make sure the program is using an external manifest file that says to run without administrator privileges.
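To check which manifest actually decides a program's elevation request, the following added example (not from the original article) reports the level in the embedded manifest, the level in an external .exe.manifest if one exists, the PreferExternalManifest value and the Authenticode status of the file. The function names and the C:\Tools path are assumptions, and the embedded-manifest lookup is a plain text search that will miss packed executables.

```powershell
# Added example, not from the original article. Function names and paths are assumptions.
function Get-ManifestLevel {
    param([string]$Text)
    # Matches level="asInvoker|highestAvailable|requireAdministrator".
    if ($Text -match '<requestedExecutionLevel[^>]*\blevel\s*=\s*["'']([A-Za-z]+)["'']') {
        return $Matches[1]
    }
    return $null
}

function Get-ElevationSource {
    param([Parameter(Mandatory)][string]$ExePath)
    $ExePath = (Resolve-Path -LiteralPath $ExePath).ProviderPath

    # Heuristic: an embedded manifest is normally stored as plain-text XML,
    # so the tag can be found in an ASCII decode of the raw file.
    $bytes    = [System.IO.File]::ReadAllBytes($ExePath)
    $embedded = Get-ManifestLevel ([System.Text.Encoding]::ASCII.GetString($bytes))

    # External manifest: <name>.exe.manifest next to the executable.
    $extPath  = "$ExePath.manifest"
    $external = if (Test-Path -LiteralPath $extPath) {
        Get-ManifestLevel (Get-Content -LiteralPath $extPath -Raw)
    }

    # 1 means Windows prefers the external manifest over the embedded one.
    $key    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide'
    $prefer = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).PreferExternalManifest

    [pscustomobject]@{
        Exe                    = $ExePath
        EmbeddedLevel          = $embedded
        ExternalManifestLevel  = $external
        PreferExternalManifest = [int]$prefer
        # A manifest edited inside a signed EXE invalidates its signature.
        Signature              = (Get-AuthenticodeSignature -LiteralPath $ExePath).Status
    }
}

Get-ElevationSource 'C:\Tools\Autologon.exe'   # assumed location
```

An EmbeddedLevel of asInvoker together with a Signature other than Valid on a vendor-signed tool points to an edited embedded manifest; an ExternalManifestLevel with PreferExternalManifest set to 1 points to the external override.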