First, let me be very clear about this as there are multiple contexts possible:
- the logged-in user is a Standard User and not an Administrator User (who would have to do the same thing as below)
- the program to be started would be like "cmd.exe" and the general intent would be to start it with "right click / run as administrator".
- the logged-in user won't have an Administrator user password.
In researching this, I started down the path of using this in a desktop shortcut:
sername] /savecred "C:\Windows\System32\cmd.e
(I found this interesting but wasn't able to figure out how to use the Task Scheduler for the purpose sorta described. I've used the Task Scheduler plenty enough but this description didn't just jump out at me.)
Now, of course, this does work. The first run of it comes up with a command prompt asking for the [administratorusername] password (which would presumably be typed in by someone setting up this computer and who *would* know the password).
Given the password, it stores a Windows credential for that [administratorusername].
The Windows credential shows the Administrator name that was used but the password is not visible.
Alternately, one might think that one could simply go into Credentials and set up a Windows credential for an Administrator User. But this doesn't seem to correspond with the credential entry created by using runas .. above.
Doing it either way, the problem may be with this is that the same credential can now be used for just about anything. Is that correct?
If so how? I refer to:
I tried doing it both ways and found that a rather different credential was set up using /savecred. It works thereafter without a password.
But, if I create a Windows credential with the same information, then /savecred doesn't work and asks for a password AND sets up a new credential.
This leads me to believe that the initial concern in bold italics above may not be a concern at all.
We want to have Standard User logins.
We are forced to start one of the programs "run as administrator".
We don't want to provide an Administrator login info to the user.