Is there any way that I can force a program that normally requires administrator privileges (via UAC) to run without them? (ie: no UAC prompt and no system-wide access.)
Added: Without modifying the executable itself.
In spite of James’s answer, I have found a few ways that it can almost be done:
- By modifying the executable I can remove the
trustInfoentry from the manifest (or the manifest entirely, so I can use an external one), allowing the program to start without UAC. Unfortunately this modifies the executable, so it exits shortly after due to an internal checksum test.- By using Process Explorer I can launch it as a Limited User. However this seems to limit it significantly more than I would like (it runs like Protected Mode IE and so can access significantly less than what my standard un-elevated user can).
Solution:
Windows Registry Editor Version 5.00[HKEY_CLASSES_ROOT*shellforcerunasinvoker]@="Run without privilege elevation"[HKEY_CLASSES_ROOT*shellforcerunasinvokercommand]@="cmd /min /C "set __COMPAT_LAYER=RUNASINVOKER && start """" ""%1""""""Save this text in <name_of_file>.reg and add it to the Windows Registry. (Double-clicking on it should do the trick.)
Afterwards