UAC & standard users with additional privileges  


  1. Posts : 8
    Windows 10
       #1

    I am using Windows 10, version 1909.

    I am new to tenforums. I am also new to Windows 10. I am in the process of switching from Windows 7 to Windows 10.
    I joined tenforums because I have a problem with configuring Windows 10 that I am unable to solve on my own. Perhaps someone can help me.

    On my computer, I follow the recommended practice of having a standard user ID for everyday work, and another user ID with administrative privileges to be used only when necessary.

    My computer is physically connected to three different networks through two Ethernet ports and one WiFi adapter. For my work, I need to frequently (every few minutes) switch from one network to another.

    In Windows 7, I gave my standard user ID additional privileges by making it a member of the group called "Network Configuration Operators". That allowed me to enable and disable network adapters as needed without having to enter an administrator's password every time. In Windows 10, I tried the same configuration, but the OS still prompts for a password every time. It's true that it does not require an administrator's password, as it accepts the password of the standard user ID that is a member of the "Network Configuration Operators" group, but it's very inconvenient to have to enter a password twice every time I want to disable one network adapter and enable another one.

    From what I understand, the OS uses the standard-user token by default when executing a command, and elevates the command when additional privileges are needed. For administrators, I can set the User Access Control (UAC) slider all the way down to the "Never notify" option, and that makes elevation occur silently. But the system does not allow me to select the lowest UAC settings for a standard user, even though I entered an administrator's password when prompted.

    Through Google searches, I found that, at least in Windows Vista, there seemed to be a policy called "consent policy" that might make the system silently elevate a command for a standard user with additional privileges. But I have not been able to find anything like that in Windows 10.

    Basically, I would like to place a shortcut on my desktop that I can click to enable/disable a network adapter as needed without requiring a password every time. In Windows 7, I just created a shortcut to the adapter icon, and I could right-click it to enable or disable the adapter. No password was required as long as the user was a member of the "Network Configuration Operators" group. In Windows 10, it seems that the command needs to be explicitly designated to run with the RunAsHighest designation. But I can't figure out how to accomplish that.

    Any ideas? Thank you in advance for any help that you might provide.


  2. Posts : 15,983
    Windows 10 Home x64 Version 22H2 Build 19045.3448
       #2

    There's a tutorial to achieve what you want. In brief, you create a task scheduler item that runs with Elevated permissions & saved admin password so the standard user merely runs a shortcut that triggers that predefined task [in your case, enabling/disabling the relevant network adapters] without any admin prompt appearing.

    Elevated Shortcut without UAC - TenForumsTutorials
    - use Option 2, in Step 5 select the relevant admin account and set 'Run whether user is logged in or not' since that is, if I have understood you correctly, your purpose.
    - Note that this can be used for the task you have described because it does not have a user interface. Only tasks that do not have a user interface can be 'Run whether user is logged in or not'.

    UAC can be put back to its default or highest level and the solution still works. So there is no need to risk your computer's vulnerability to online hackers by having UAC off [i.e. at its lowest setting].

    Denis
    Last edited by Try3; 12 Feb 2020 at 08:53.
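
A check that fits the scheduled-task approach described in post #2, as an added example that is not part of the thread or the linked tutorial: a task that runs with highest privileges is only as protected as the file it launches, so this PowerShell audit lists such tasks and reports whether accounts outside the Administrators group can modify the target. The list of low-privilege identities and the function name `Test-LowPrivWritable` are assumptions of this example.

```powershell
# Added example (not from the thread): audit tasks that run elevated.
# Assumption: these well-known identities stand in for "non-admin" accounts.
$lowPriv = 'BUILTIN\Users', 'Everyone',
           'NT AUTHORITY\Authenticated Users', 'NT AUTHORITY\INTERACTIVE'

# Rights that let a principal alter or replace a file, plus the raw
# GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) bits.
$rights = [System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'
$mask   = [int]$rights -bor 0x50000000

function Test-LowPrivWritable {
    param([Parameter(Mandatory)][string]$Path)
    foreach ($rule in (Get-Acl -LiteralPath $Path).Access) {
        if ($rule.AccessControlType -eq 'Allow' -and
            $lowPriv -contains $rule.IdentityReference.Value -and
            ([int]$rule.FileSystemRights -band $mask)) {
            return $true
        }
    }
    return $false
}

Get-ScheduledTask |
    Where-Object { $_.Principal.RunLevel -eq 'Highest' } |
    ForEach-Object {
        $task = $_
        foreach ($action in $task.Actions) {
            if (-not $action.Execute) { continue }   # COM-handler actions have no program
            $exe = [Environment]::ExpandEnvironmentVariables($action.Execute).Trim('"')
            # Resolve bare names such as cmd.exe through PATH.
            $path = if (Test-Path -LiteralPath $exe -PathType Leaf) { $exe } else {
                (Get-Command $exe -CommandType Application -ErrorAction SilentlyContinue |
                    Select-Object -First 1).Source
            }
            if (-not $path) { continue }
            [pscustomobject]@{
                Task            = $task.TaskPath + $task.TaskName
                RunAs           = $task.Principal.UserId
                Target          = $path
                Arguments       = $action.Arguments   # review any script named here by hand
                LowPrivWritable = Test-LowPrivWritable -Path $path
            }
        }
    } | Format-Table -AutoSize
```

Run it from an elevated session so that all tasks are visible. A `True` in the last column means the task's target should be moved to an administrators-only location or have its ACL tightened.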


  3. Posts : 7,599
    Windows 10 Home 20H2
       #3

    gvannucci said:
    the system does not allow me to select the lowest UAC settings for a standard user
    You need to be an administrator to create an elevated shortcut mentioned in the above post.

    gvannucci said:
    In Windows 10, it seems that the command needs to be explicitly designated to run with the RunAsHighest designation.
    Option One in the said tutorial works fine with CMD scripts, via which commands can be run.


  4. Posts : 7,599
    Windows 10 Home 20H2
       #4

    Try3 said:
    There's a tutorial to achieve what you want. In brief, you create a task scheduler item that runs with Elevated permissions & saved admin password so the standard user merely runs a shortcut
    The tutorial says "You must be signed in as an administrator to create and use this elevated shortcut."
    Option One was created according to that, so a standard user may not be allowed to use the shortcut.


  5. Posts : 15,983
    Windows 10 Home x64 Version 22H2 Build 19045.3448
       #5

    OK, I've modified my previous post.

    Denis


  6. Posts : 7,599
    Windows 10 Home 20H2
       #6

    Try3 said:
    'Run whether user is logged in or not'
    Consider "Everyone" as shown below: [image: everyone.jpg]


  7. Posts : 15,983
    Windows 10 Home x64 Version 22H2 Build 19045.3448
       #7

    The OP needs a std user to be able to run it as admin. How does that relate to 'Everyone'? Surely 'Everyone' would recognise & run with whatever standard user account was logged in, so would be running with the highest privileges available to that account, i.e. standard user account privileges.

    Denis


  8. Posts : 7,599
    Windows 10 Home 20H2
       #8

    Try3 said:
    The OP needs a std user to be able to run it as admin. How does that relate to 'Everyone'?
    "Everyone" includes a standard user. If everyone can run it with highest privileges, the OP can too.


  9. Posts : 7,599
    Windows 10 Home 20H2
       #9

    I just found that if "Everyone" is used, the desktop shortcut does not work.
    The OP can still use option one, but they have to manually change "Run only when user is logged on" to "Run whether user is logged in or not" after the scheduled task has been created.

    I have combined the CMD script and VBScript into a single file (attached below).
    Last edited by Matthew Wai; 13 Feb 2020 at 09:09.


  10. Posts : 1,807
    Windows 10 Pro 21H1 19043.1348
       #10

    Matthew Wai said:
    I have combined the CMD script and VBScript into a single file (attached below).
    Hi Matthew, I've been following this thread and just have to ask, will these lines of text not confuse my English speaking PC? These are contained in the .bat file.

    ::以下指令會找出當前使用者的 SID ------->:: The following command will find the SID of the current user

    ::以下指令會透過 VBScript 建立一個.xml 工作設定檔 --->:: The following command creates an .xml task profile via VBScript

    " & ::以下指令會把資料寫入.xml 工作設定檔之中 ----> " & :: The following command will write data to the .xml job profile

    :: .xml 工作設定檔之内容在此完結 ---------------> :: The content of the .xml work profile ends here


 
