Share via

GPO to let standard user run applications that need elevated privileges

Scorpion 10 Reputation points
2023-03-02T00:48:02.0633333+00:00

We have some apps that needs to be used on our LAN, on the clients PCs. But some of those apps needs "elevated privileges" to run, that means, the user must belong to the administrators group. That would be a hole for our workstation security, so, how can solve this?. Is there any GPo that can help the users to run some apps with "administrator privileges"?, without knowing the admin password, of course.

Please, help

Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Windows for business | Windows Client for IT Pros | Devices and deployment | Configure application groups
Windows for business | Windows Server | User experience | Other

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Fabricio Godoy 2,626 Reputation points
    2023-03-02T05:36:37.44+00:00

    Hello.

    Yes is possible....create a GPO with this 2 settings.

    • Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options.
    • User Account Control: Run all administrators in Admin Approval Mode
    • Enabled
    • Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options.
    • User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode
    • Elevate without prompting

    These settings will allow non-administrative users to run certain applications with elevated privileges

    I hope this helps

    Regards

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.