let standard user on windows 8 run a program that reqiures admin password without prompt

Hi I have locked the users down using gp but need to let standard user on windows 8 run a program that requires an admin password. Its driving me mad they need to use it about 5 times a day and have to keep going around entering my password. Plus have had to change the admin password 3 times due to guessing it. There has to be an easy way either in gp on the clinet pc.
LVL 3
taz8020Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

NVITCommented:
CPAU

Command line tool for starting process in alternate security context. Basically this is a runas replacement. Also allows you to create job files and encode the id, password, and command line in a file so it can be used by normal users

http://www.joeware.net/freetools/tools/cpau/
http://www.joeware.net/freetools/tools/cpau/usage.htm
0
hulseboschSystem administratorCommented:
I am having very good experiences with http://www.robotronic.de/runasspcEn.html
The account to use is being stored in a PKSC-7 certificate. Pretty hard to crack.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
McKnifeCommented:
You want security, right? Then you can't use the aforementioned tools. It's widely known how to break out and permanently extend your privileges.

There's however a tool that makes it possible: Powerbroker by beyondtrust. It's not free but the best you can do.
0
Top Threats of Q1 & How to Defend Against Them

WEBINAR: Join WatchGuard CTO and our Threat Research Team on Aug. 2nd to hear the findings from our Q1 Internet Security Report! Learn more about the top threats detected in the first quarter and how you can defend your business against them!

JohnBusiness Consultant (Owner)Commented:
I agree with the above about Power Broker.

http://www.beyondtrust.com/PowerBroker-Desktops-Windows-Edition.aspx?section=PowerBroker-Desktops-Windows-Edition

Otherwise, standard users cannot run programs requiring administrative authority.

This question comes up frequently and Windows standard user cannot be part administrator.
0
QlemoBatchelor, Developer and EE Topic AdvisorCommented:
IIRC creating a Scheduled Task with admin privs, running on demand triggered by the user, works.
0
McKnifeCommented:
Qlemo, it's not that easy. That task does not run interactively, the user cannot see it for the obvious security reasons. There's only one way that's secure and that's to extend windows' capabilities with software like powerbroker. It can isolate the elevated process.
0
taz8020Author Commented:
The powerbroker was way too expensive for us as only 12 users
0
McKnifeCommented:
Yes, but it would have been a solution.
runasspc and the like are no solutions. They are insecure workarounds.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.