How to Install Programs without Admin Password in Windows 10 'I downloaded a.exe file from the internet and ran it wanting to install the program on my Windows 10, but a 'User Account Control' dialog pops up to ask for an administrator password and I don’t know the administrator password.
I work in an environment where local admin privileges for users isn't allowed. At all. This is very nice, but can be also be a pain when employees who must have local admin permissions to run a program or install software that requires elevated privileges even if only to do the install. There is a user in bookkeeping who receives a monthly DVD from a vendor of ours that contains much needed reports. In order to look at the reports and make a backup, she must run the executable on the DVD. The executable requires Admin privileges for the install. So since I've been here, every month I run the .exe, UAC appears and I supply the much-needed information to run the installer.
If this was a one time program I would use the Microsoft Application Compatibility Toolkit gimmick to bypass UAC http://www.techrepublic.com/blog/windows-and-office/selectively-disable-uac-for-your-trusted-vista-applications/ However, since this is a new DVD sent to her each month I need some kind of tool she can use herself for this operation.
I have looked around Server Fault and also did Google-Fu, but haven't found anything useful. I might be one of some in a unique situation.
I want to use Poweshell to make the tool. Ideally, I want her to be able to put in the DVD and then launch the Poweshell tool (from her desktop shortcut, no doubt) that looks at the DVD drive and runs the setup.exe file as a local admin without the UAC prompt, without her having to supply any credentials.
What I have so far is some pieced together junk at the moment. I am not a Powershell Jedi. I am a Poweshell padawan. I have half of what I need. I still need to store the password so it doesn't have to be defined and input each time she runs the script. I want this to be as smooth and as few clicks as possible.
For the creds I am choosing to go with the local admin account since that password doesn't change. The local admin account will get the job done. I will need to store that account information on the computer so Powershell can retrieve the account each time she runs the script. So this will need to be an encrypted file in a path variable.
I might get a few downvotes for this, but I know somewhere I need to define and put in 'Read-Host 'some text about entering password' -AsSecureString' in an existing variable or a new variable. I have to get the password input into the process. I have tried a few spots. Thoughts? Wisdom? Impossible?
Windows 7 ProPowershell v4
Art.Vandelay05Art.Vandelay05
4 Answers
Run As Administrator Without Being Administrator
Allow a non-admin user to run a program as a local admin account but without elevation prompt
Below are instructions for setting up a workaround to get an application to run as another account that is a local administrator. The account that executes the process does not need to be a local administrator on the PC though.
The Windows Workaround (see all below notes)
Examples
Create Username (domain or local):
ProxyRunAsLocalAdminCreate Password (domain or local):
<SomeComplexPassword>
Notes
This account is setup as
local adminon PCs where something needs to be run with admin permissions without actually giving the end-user which will run it (execute) local admin permissions.This is a last resort option for things which will not work for non-admins on the local machines where giving their account (the end-user and/or some group) explicit
registryandfile systemlevel object access does not work.
Security
- No one is to have this information other than domain administrators—i.e. don't share with the end-user.
Creating a shortcut with the RUNAS (this could be D:Setup.exe)
Shortcut Properties Example
TARGET Field Example (below):
START IN Example: 'C:Program FilesBlueStacks'
IMPORTANT:The double-quotes around the Start In: field may be required whether or not there are any spaces in the path.
Additional Setup Notes
- You can create a domain user account or a local PC user account forthis purpose and give it local admin permissions to the local machinewhenever such a solution is needed.
- You'll have to run the shortcut with the 'RUNAS, etc.' whensigned onto the PC as the user that will need to execute that processwithout being a local admin themselves. When you do this, you will berequired to type in the credential—caching it this ONE time but it'llnot be needed on each subsequent execution of the process using theRUNAS and /SAVECRED again from that SAME user account profile moving forward.
- This password to this account is NOT shared with anyone, only thedomainsystems admins have this information and plug it in whereverneeded per user per machine—it is a per Windows user account profiletype deal as well. So, if you create a new profile for a user andthis solution is needed, then the shortcut will need to be run againso the credential is cached for their profile as well (by an admin).
Security Notes
- You cannot restrict local login access for the account through grouppolicy or the account will not be able to RUNAS interactively—Ialready tried that for security but I could not get it to workproperly.
- Since this is a cached credential with local admin permissions onit, technically an end-user where this is saved could apply thissame RUNAS technique to another EXE or via command line if that'sallowable. This means you as the admin need to weigh in the upsidesand downsides with this solution including the risks. Perhapsallowing this for your trustworthy people or items that are ongoingor needed over and over again without actually granting the end-userlocal admin is fine.
Controls
You do have some controls in place for this solution though such as . . .
- Pick which machines you want to allow this to run runas from
- Pick which user profiles on each machine you want this to runas from
- You have to go to the user profile on this machine and type in the credentail the initial time regardless
- The exposure is to local machine at the PC level, not the domain level since the local or AD account is a member of the local machine IP address
- Don't give this account any network resource access to anything (only local PC admin per each individual PC as-needed)
- If you ever want to do a mass disable of this feature (assuming using a domain account) then simply disable the account or change the password
- Ensure that others are aware of some of these ramifications, etc. and get them to approve so you're not the person making the decision to use this or not
How To Run Admin Cmd
I found a way to accomplish the goal with Powershell. First a script must be run on the user computer (only once) to make an encrypted password and then store it to a file. Note: The stored password file is not a txt file containing the local admin password in plain text. It is the output of the ConvertFrom-SecureString cmdlet.
First, the script to enter the password and store it to a file. This will only need to be run one time on the target computer.
Now, the script that the user will run to launch the program from the dvd as a local admin. She will run the script from the desktop shortcut after inserting the dvd into the disc drive. After launching the script, the program runs perfectly and she can do this without asking me or the other admin for assistance (which she loves).
This Powershell.org article was instrumental in getting my answer http://powershell.org/wp/2013/11/24/saving-passwords-and-preventing-other-processes-from-decrypting-them/
Art.Vandelay05
Art.Vandelay05Well, thankfully if you eliminate local admin, the only real option you have left is CMD line. Powershell is good, but I would think you would be able to run a batch with this, too.
Only downside to each of these is, if the user knows how to open the scripts, she can see what you put in them, which is a huge no no. The only way around that is to write a command within the code to lock the script down upon opening, not executing, to prompt for a password.
Maybe a batch or powershell written to specifically address UAC?
How To Run Software Without Admin Password Windows 10
On other option to bypass the UAC is running the program under system account because this account has no UAC on an UAC system. There are some source codes on the internet. A complete solution is onrobotronic.de/runasadminen.htmlThis solution is also usable for a non administrator account.