How to skip UAC with runas command

このサイトを検索 | Search this site

,Japan

UAC is a technology that is the basis of security implemented in Windows OS after Windows Vista.

This made it impossible for malicious applications such as malware to easily modify the Windows system.

Windows does the following:

[Default behavior]

Even if you log in to Windows with a user account that has administrator privileges, the application operates in user mode (standard user privilege)
Display UAC dialog and notify the user when the application requests administrator rights (User Account Control)
App can only run with admin privileges when yes is selected

[Example of UAC dialog]

UAC

"Allow apps from this unknown publisher to make changes to the device?"

Well, the main subject.

The [runas.exe (runas command)] implemented in Windows has an option to skip the UAC dialog, so we will share how to use it.

The UAC dialog will be displayed and the process will be interrupted if some of the programs registered in the startup program require administrator privileges. However, if you use runas, you can skip the step of clicking Yes .

As a bonus

The command prompt is a bit ...? Introducing software that can create runas command shortcuts for various people.

Harm of UAC

For example,

The programs (shortcuts) registered in the startup folder are automatically executed when the Windows OS finishes loading, but when it is the order of programs that require administrator privileges, UAC reacts and processing is interrupted.

The user cannot proceed until they select "Yes | No."

[Windows startup process]

PC power ON
Windows system files are loaded
Programs registered in the registry, task scheduler, and startup folder are loaded (startup processing)
UAC reacts when there is a program requesting administrator rights and processing is interrupted
Select [Yes | No] ← Bottleneck
Start-up processing end
Windows startup process end

Even if the program is confirmed to be safe, it is annoying because you cannot proceed until you select "Yes".

Startup folder

* Windows 10 example

The shortcut of the program to start automatically is arranged.

Startup Folder

xxx: Login account Name

C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

Valid for all users

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp

How to skip UAC

[PLAN-A, B, C]

Create a shortcut for the runas command
Use ElevatedShortcut (Winaero Tweaker)
Change the User Account Control setting to "Not notify"

This article describes the procedure for PLAN-A.

I will not describe PLAN-B because I wrote it in another article.

We don't recommend PLAN-C because it makes security less secure, but I posted the setting screen in the postscript.

runas check

Check whether runas.exe is executable.
The command prompt can be started normally.

The command to execute.

> runas /?

When "RUNAS usage:" is displayed, you can use the runas command. Please also refer to the help that is displayed.


c:\_	Administrator: Command prompt	ー □ ×
C:\Windows\System32 >runas /? RUNAS Usage: RUNAS [[/noprofile \| /profile] [/env] [/savecred \| /netonly]] /user: < username >program RUNAS [[/noprofile \| /profile] [/env] [/savecred]] /smartcard [/user: < username >] program

Can't get help?

If help is not displayed, runas.exe cannot be used.

Make sure runas.exe exists in the following location.

Location of runas.exe
C:\Windows\System32\runas.exe

If help is not displayed even if you start the command prompt with administrator privileges, runas.exe cannot be used on your PC.

It's a pity ... (꒪⌓꒪)

Run from command prompt

If it works at the command prompt, it is recommended to save the set of commands you entered as a shortcut.

The [/savecred] option will only show the dialog the first time. It is not displayed after the second time.

The format is as follows.

> Runas /savecred /user: administrator "<program path>"

Specify the full path for "<program path>"

The following is an example of starting the software "TClock" that can modify the clock in the notification area with administrator privileges.


c:\_	Administrator: Command prompt	ー □ ×
C:\>runas /savecred /user: administrator "c:\tclock\tclock.exe"

Create a shortcut

If you have followed the steps in the previous section, this step will just copy and paste.

1. Start the new creation wizard

Explorer > Home > New Items > Shortcuts

2. Enter the location

* Do not use the reference button

[procedure]

Enter the runas ... command under "Enter item location"
Select next

runas /savecred /user: administrator <Program path>

3. Give a name

[procedure]

Enter any string under "Enter a name for this shortcut"
Finish by clicking the

Input example: runas TClock

Are you required for a password?

If you are prompted for the administrator password when you execute the shortcut, enter the administrator password.

From the second time onward, the [/savecred] option will work and you will not be prompted for a password.

runas parameter

Source: Runas -Microsoft

parameter	Explanation
/profile	Load the user's profile. This is the default value. This parameter cannot be used with the /netonly parameter.
/no profile	Specifies not to load the user profile. This allows the application to load more quickly, but causes some applications to malfunction.
/env	Specifies to use the current network environment instead of the user's local environment.
/netonly	Indicates that the specified user information is remote access only. This parameter cannot be used with the /profile parameter.
/savecred	Indicates whether this user has previously saved their credentials. In Windows Vista Home or Windows Vista Starter editions, this parameter is not available and will be ignored. This parameter cannot be used with the /smartcard parameter.
/smartcard	Indicates whether the credentials are provided by the smart card. This parameter cannot be used with the /savecred parameter.
/showtrustlevels	Displays the trust level that can be used as an argument to /trustlevel.
/trustlevel	Specifies the level of authorization to run the application. Use /showtrustlevels to see the available trust levels.
/user:/user:<UserAccountName> "<ProgramName> <PathToProgramFile>"	Specifies the name of the user account under which to run the program, the program name, and the path to the program file. The user account name format should be <User>@<Domain> or <Domain>\<UserAccountName>.
/?	Display help at the command prompt.

Summary

If you want to skip the UAC dialog at startup, register a runas shortcut.

runas /savecred /user: administrator

"Administrator" is a special Windows account.

If it is disabled, you will need to activate it.

Please read the related article for specific steps.

About Elevated Shortcut

ElevatedShortcut is software that allows you to create runas shortcuts with a GUI.

Elevated Shortcut has been integrated into the Windows tuning software "Winaero", so it has been released as a single unit, but it can be obtained from the Internet Archive.

See related article for ElevatedShortcut information.