I need a standard or limited Windows 7 user to be able to run an application (Fallout Mod Manager) which requires UAC elevation. I've tried the Application Compatibilty Toolkit, but that did not work as intended. Any Suggestions? I am running Windows 7 Ultimate local, so policies can be applied.
I basically want something like unix' setuid flag.
It's doable, but not easy to explain.
There are only three reasons why an application would request for elevation on startup:
Assuming you've already checked the compatibility tab, and the application is not set to require administrator:
The next step is to check for an embedded resource manifest. i won't go into how you can find that out. But skip to create a manifest for yourself.
Create a file in the same directory as Fallout Mod Manager (i don't know what the exe is called, but i'll call it FalloutModManager.exe:
This new manifest file you create is a simple text file, containing xml, with a manifest entry that says that we want to launch asInvoker, rather than requireAdministrator:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<description>Poorly written Fallout Mod Manager fails on XP as standard user</description>
<!-- Disable file and registry virtualization, and don't require elevation -->
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
Having this file next to your executable is called an "external manifest". It is also possible the executable has an embedded resource, which you would need a tool like Resource Hacker to see, or modify.
i found a tool to run an application which requires UAC elevation
as a limited user.
But it is only free for private use. Does anyone know a freeware tool like this?
I want to be able to run as a non-admin domain account for normal work and be prompted for elevation when needed. This is fine when not in a domain as the elevation prompt remembers my user name and I just have to enter my password. In a domain environment, however, the elevation prompt does not remember the domain (the local machine) or the username from the local machine. How can I get the UAC/Elevation prompt to remember this information?
Finally found the answer:
Launch C:\Windows\System32\gpedit.msc using Run As Administrator (from the right click menu) and enable the following setting:
Local Computer Policy / Computer Configuration / Administrative Templates / Windows Components / Credential User Interface / Enumerate administrator accounts on elevation
For those using a Home edition of Windows which lacks the policy editor, you can create the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\CredUI and add a EnumerateAdministrators of type DWORD set to 1.