Tuesday, December 29, 2020

windows startup "elevated" shortcut for a non admin user

problem: you cannot create a windows startup shortcut that requires elevated (admin) rights for a non admin user

I spent hours trying to get this to work... I hope this saves some time for future me or anyone googling.

scenario:

  1. You have windows account(s) that are NOT an admin because that is a good general practice.
  2. So you have a dedicated admin account on-demand for things that require admin rights.
  3. You have a graphical program that you want to launch automatically at startup (log in) for the non-admin user(s).
  4. The program requires elevated admin rights to launch.
  5. The standard ways to create a startup shortcut don't work; the program is not launched.

impact: you have to launch the shortcut manually

... which means you will forget from time to time. This can be bad news for some critical programs, like energy or temperature controlling software, or software that applies hardware tweaks or similar power tools/toys.

solution: you need a little help from a windows power-toy called "elevate"

After trying various ways to create startup "log in" shortcuts, including shell:startup folder, the registry autostart, and task scheduler "log in" triggers...

The major sticking point seemed to be the fact that none of the above was working for a non-admin user. The missing elevated token for the standard users was causing things to fail: the shortcut/program just failed to run, or failed to run with the required elevated rights.

I caved in with the built-in methods and used a .vbs and .cmd script combo from an official Microsoft PowerToy. Here is the git repo; this power toy was originally published in TechNet Magazine, June 2008.

The resulting shortcut placed in the user shell:startup folder looks like this:

"E:\Portable\elevate.cmd" "E:\Portable\ControlStation-FanControl.bat"

When the shell:startup is triggered during post log in, this shortcut is run, and fires a UAC prompt to elevate and launch whatever it is you want. So your admin credentials e.g. fingerprint are required to launch the software with admin rights. Hitting ESC or similar skips the launch.
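
One way to create that shortcut from PowerShell as the non-admin user, after first checking that only Administrators and SYSTEM can modify the scripts, since whatever those files contain runs with admin rights once the UAC prompt is approved. This is an added example, not part of the original post or of the elevate PowerToy; the paths are the ones shown above, and the shortcut name `FanControl-elevated.lnk` and the function name `Get-UntrustedWriter` are hypothetical.

```powershell
# Added example. Paths are the ones from the post; $lnkName is a hypothetical name.
$elevate = 'E:\Portable\elevate.cmd'
$target  = 'E:\Portable\ControlStation-FanControl.bat'
$lnkName = 'FanControl-elevated.lnk'

# SIDs allowed to hold write access: BUILTIN\Administrators and NT AUTHORITY\SYSTEM.
$trustedSids = 'S-1-5-32-544', 'S-1-5-18'

# Rights that let a principal change, replace or re-permission a file or folder entry.
$fsr = [System.Security.AccessControl.FileSystemRights]
$writeMask = [int]($fsr::WriteData -bor $fsr::AppendData -bor $fsr::Delete -bor
    $fsr::DeleteSubdirectoriesAndFiles -bor $fsr::ChangePermissions -bor $fsr::TakeOwnership)

function Get-UntrustedWriter {
    param([Parameter(Mandatory)][string]$Path)
    foreach ($rule in (Get-Acl -LiteralPath $Path).Access) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if (([int]$rule.FileSystemRights -band $writeMask) -eq 0) { continue }
        # Compare by SID so the check does not depend on localized account names.
        $sid = $rule.IdentityReference.Translate(
            [System.Security.Principal.SecurityIdentifier]).Value
        if ($trustedSids -notcontains $sid) {
            [pscustomobject]@{ Path = $Path; Identity = $rule.IdentityReference.Value
                               Rights = $rule.FileSystemRights }
        }
    }
}

# Check both scripts, any .vbs helper beside elevate.cmd, and the containing folders
# (write access to a folder is enough to replace a file inside it).
$dirs  = @((Split-Path $elevate), (Split-Path $target)) | Select-Object -Unique
$vbs   = Get-ChildItem -LiteralPath (Split-Path $elevate) -Filter *.vbs -File |
         ForEach-Object FullName
$paths = @($elevate, $target) + @($vbs) + @($dirs) | Select-Object -Unique

$findings = @($paths | ForEach-Object { Get-UntrustedWriter -Path $_ })
if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize | Out-String | Write-Host
    throw 'Non-admin principals can modify files that will run elevated; fix the ACLs first.'
}

# Create the shortcut in the current user's shell:startup folder.
$startup  = [Environment]::GetFolderPath('Startup')
$shortcut = (New-Object -ComObject WScript.Shell).CreateShortcut((Join-Path $startup $lnkName))
$shortcut.TargetPath       = $elevate
$shortcut.Arguments        = '"{0}"' -f $target
$shortcut.WorkingDirectory = Split-Path $elevate
$shortcut.Save()
```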

citation:

Props to: Mark Richardson for putting the code on GitHub, and John Stephens and Michael Murgolo for the original work and scripts.
