Running published Internet Explorer with Admin privilege

We are running an web based application which installs some .dll based add ins before executing and it requires admin privilege to install the same. This is a one time installation for individual user.

The application is published through Citrix 6.5. I have checked that if we can run Internet Explorer with ADMIN privilege then, these add ins get installed successfully, otherwise error is occurring.

Can you please provide me a BATCH SCRIPT that will launch Internet Explorer with ADMIN privilege? That means, if any restricted user runs Internet Explorer, that will be launched with ADMIN privilege.
hchabriaAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

CoralonCommented:
You actually don't need to.   It's a simple registry key you can set at the system level.
 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
Value Name: c:\program files (x86)\internet explorer\iexplore.exe
Value Data: RUNASADMIN

That will cause IE to always run for them as admin..

If you want to script it, I'd add it as a compatibility script, you can also run it as a Group Policy Preference, etc.
Compatibility script - http://www.experts-exchange.com/Software/System_Utilities/Remote_Access/Citrix/A_9235-How-USRLOGON-CMD-processing-works.html
Base script:
reg add "HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers" /v "c:\program files (x86)\internet explorer\iexplore.exe" /d RUNASADMIN /t REG_SZ'

Open in new window


Coralon
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
hchabriaAuthor Commented:
I have added the following registry but still not working.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
Value Name: c:\program files (x86)\internet explorer\iexplore.exe
Value Data: RUNASADMIN

While loading the add-ins while launching the web page it is giving Access Denied error.
0
rhandelsCommented:
First off i wouldn't advice anyone to start the application for the user as an admin user specially on a Citrix (SBC) machine. That being said, isn't this the article that you are looking for? Using the RUNASADMIN in my opinion only "disables" the UAC setting meaning the user still has to be an admin user itself for this to work. If the user isn't an admin himself this option won't work.

http://www.experts-exchange.com/Security/Operating_Systems_Security/Q_26441352.html
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

CoralonCommented:
The best option is to get the Addins preinstalled.  In fact, I am currently working on a similar challenge at work.

The first thing to do is put your system in Install Mode (change user /install) and run your website and get the controls installed.  

Track where they get installed to.. ideally, they should go to System32 or SysWow64. At that point, they should be universally available, and hopefully the web page will be able to identify it, and realize they are installed and available.

Coralon
0
hchabriaAuthor Commented:
http://www.experts-exchange.com/Security/Operating_Systems_Security/Q_26441352.html is helpful for me.

I am using below Command line in Citrix while publishing the application-

"c:\Program Files (x86)\Internet Explorer\iexplore.exe" "http://x.x.x.x/qcbin/start_a.htm"

The correct .vbs script mentioned in the provided link is-

Option explicit
Dim oShell
set oShell= Wscript.CreateObject("WScript.Shell")
oShell.Run "runas /user:manmewctx02\administrator ""C:\Program Files (x86)\Alterian\Molecule\Molecule.exe /SERVER:10.68.40.178  /PROJECT:Clarks"""
WScript.Sleep 100
oShell.Sendkeys "Manchester10~"
Wscript.Quit

Open in new window


where I have to replace the line oShell.Run "<Command line>" with my Command line that already mentioned. Please let me know the Command line that I should use.

Also, I have some confusion and request you to clear. What is "/PROJECT:Clarks"? Is Clarks the user name with admin privilege?

Please help me on this.
0
rhandelsCommented:
I think that the Project:Clarks is a command line argument to start that specific project.

Your command line would be something familiar to this. Problem is that, when starting this, it will most probably ask for a password. But this would be a good place to start.

oShell.Run "runas /user:domainname\administrator """c:\Program Files (x86)\Internet Explorer\iexplore.exe http://x.x.x.x/qcbin/start_a.htm""

Still however i would not do this on a Citrix machine, start IE as an admin.. Why not, as coralon stated, preinstall them?? Normally all addins can be preinstalled, just try to find the installation files.. You'd be better of then.
0
CoralonCommented:
You may need to put the layers value under the WoW6432Node.  (It's always tricky because of the registry redirection).  Since your are using 32bit IE, that may be your answer.

Coralon
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Citrix

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.