
Let standard user on Windows 8 run a program that requires admin password without prompt

taz8020 asked:
Hi, I have locked the users down using GP but need to let a standard user on Windows 8 run a program that requires an admin password. It's driving me mad: they need to use it about 5 times a day and have to keep going around entering my password. Plus have had to change the admin password 3 times due to guessing it. There has to be an easy way either in GP on the client PC.

NVIT, End-user support

Commented:
CPAU

Command line tool for starting process in alternate security context. Basically this is a runas replacement. Also allows you to create job files and encode the id, password, and command line in a file so it can be used by normal users.

http://www.joeware.net/freetools/tools/cpau/
http://www.joeware.net/freetools/tools/cpau/usage.htm
system administrator
Commented:
I am having very good experiences with http://www.robotronic.de/runasspcEn.html
The account to use is being stored in a PKCS-7 certificate. Pretty hard to crack.
Distinguished Expert 2018

Commented:
You want security, right? Then you can't use the aforementioned tools. It's widely known how to break out and permanently extend your privileges.

There's however a tool that makes it possible: Powerbroker by beyondtrust. It's not free but the best you can do.
John, Business Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
I agree with the above about Power Broker.

http://www.beyondtrust.com/PowerBroker-Desktops-Windows-Edition.aspx?section=PowerBroker-Desktops-Windows-Edition

Otherwise, standard users cannot run programs requiring administrative authority.

This question comes up frequently, and a Windows standard user cannot be part administrator.
Qlemo, "Batchelor", Developer and EE Topic Advisor
Top Expert 2015

Commented:
IIRC creating a Scheduled Task with admin privs, running on demand triggered by the user, works.
Distinguished Expert 2018

Commented:
Qlemo, it's not that easy. That task does not run interactively, the user cannot see it for the obvious security reasons. There's only one way that's secure and that's to extend windows' capabilities with software like powerbroker. It can isolate the elevated process.

Author

Commented:
PowerBroker was way too expensive for us, as we have only 12 users.
Distinguished Expert 2018

Commented:
Yes, but it would have been a solution.
runasspc and the like are no solutions. They are insecure workarounds.