Run an app WITH FULL ADMIN rights on windows startup FOR A Standard User

Question

Run an app WITH FULL ADMIN rights on windows startup FOR A Standard User

Ahsan Taqveem 5

Hi Dear Community/Microsoft Support,

I have two accounts on my windows right now:
Account-1: Admin (A full privileged admin)
Account-2: Ahsan (Standard user | Non-admin)

What I want is to run following three applications WITH FULL ADMIN RIGHTS for Account-2 on windows starts up:

1- C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe

2- C:\Program Files (x86)\ASUS\ArmouryDevice\dll\SwAgent\ArmourySwAgent.exe

3- C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe

I tried following ways:

Method 1:

Ran Task Schedular (with Admin user); Scheduled the task to run with HIGH PRIVILEGES check; chose with Admin account;

Tried both options:
1- Run only when the user is logged on
2- Run whether the user is logged in or not

Method 2:

C:\Windows\System32\runas.exe /user:PCNAME\Admin /savecred "C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe"

put this elevated shortcut in the startup folder.

Method 3:

Ran a windows batch file with following piece of code:

Set ApplicationPath="C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe"
cmd /min /C "set __COMPAT_LAYER=RUNASINVOKER && start "" %ApplicationPath%"

put the batch file shortcut in the startup folder

NONE OF THE ABOVE THREE METHODs ARE WORKING.

I believe in the past on windows 10, I used to run the ASUS tasks via the task schedular. It just does not work anymore.
I am on windows 11 home 22H2 (Build 22621.1702)

Somebody please help me,
Please rescue me from entering the admin password three times on windows startup for those three applications that I mentioned above:

I Shall be very thankful.
Ahsan.

3 answers

Your answer

Answer 1

MotoX80 36,401

I believe in the past on windows 10, I used to run the ASUS tasks via the task schedular. It just does not work anymore.

How did you determine that it is not working? Does the task show as "running"? Do you see the program running in the Task Manager details tab? What did you use as a trigger? In your image it shows "History (disabled)"; you should enable that so you can see when the task starts and stops.

Since the task is using an account that is different from the desktop user, you will need to use "Run whether the user is logged in or not". That means that any window that the program displays will not be visible to the desktop user. If these are command line programs, you can redirect stdout and stderr to a file so that you can see the output. If they are GUI programs then you are out of luck.

Have you asked for help in an Asus forum? Based on the program names, I have to question why they are not defined to run as a Windows service. That would solve your problem.

Obvious question... why can't these programs run as the desktop user? What do they do that requires administrator level access? The Samsung program looks like it only needs to run when the admin wishes to perform SSD management.

Ahsan Taqveem 5 Reputation points

2023-08-01T20:36:58.98+00:00

Hi @MotoX80 ,

It took me quite some time to write back. Was a bit busy with kids and the private job.

So i did turn the History option "ON" in the task schedular for the three applications i mentioned above.

The History says the task was triggered and it is still running.
I opened the task manager, and the processes were there as shown below

IMAGE-1:

Note the Red boxes in the IMAGE-1, the information is missing. Normally you see the information in the RED boxes.
Also note that the icons are missing too (icon of ArmourySocketServer.exe and SamsungMagician.exe are missing).

--

Now, lets compare the same processes when i run them MANUALLY on startup by entering the Admin password.
Below image is carrying the information when the tasks were started manually with Admin password on startup,

IMAGE-2

Note that the information which was missing in the RED boxes in the IMAGE-1 is now available (GREEN boxes in IMAGE-2)
Also note that the icons are back as well this time.

--

One more thing: when the Samsung Magician starts via the task schedular, though the processes are visible in the task manager (IMAGE-1), HOWEVER, THERE IS NO ICON IN THE TASK BAR, I CANNOT INTERACT WITH THE PROGRAM.

Usually the icon appears in the SYSTEM TRAY as show in IMAGE-3 below,

IMAGE-3:

If I have to interact with the samsung magician, I have to open it manually by entering the Admin password.

Please help.

Shall always be VERY THANFUL.
MotoX80 36,401 Reputation points

2023-08-01T21:20:24.67+00:00
The red boxes are there because you are running the task manager as a standard user. You would need admin access to see that data.

Open Powershell with Run as administrator and run this command.

Get-Process armour* -IncludeUserName

Are the programs working ok when launched via the task scheduler? Do they generate log files that you can examine? Is there some other program you can run that calls them?

I am at somewhat of a disadvantage here, because I have no experience with these programs.

Why can't these programs run as the desktop user? Especially the Magician program. What do they do that requires administrator level access? What error do you get when a standard user launches them?
Ahsan Taqveem 5 Reputation points

2023-08-02T16:00:22.8533333+00:00

Hi @MotoX80
I got your point on the missing information in the RED boxes. Running the task manager in Admin would show the missing details, i will try that as well.

The tasks were scheduled via the admin user account (scheduled run for a standard user)

I just tried the other way around,
what I did: I ran the task schedular with a standard user and scheduled the task to run on the standard user's login,
I get this error when i press OK button:

So the above dialog box is giving three possibilities:

1- user account is unknown
2- the password is incorrect
3- the user account does not have permission to create this task.

so in my case its the 3rd possibility (standard user has no permissions to create this task)

--

Answer to your next question:
the task manager says, the tasks are running (The RED box scenario - IMAGE-1), but since I cannot even interact with the tasks, like for instance, i cannot even open the Samsung magician since there is no icon in the system tray, nor there is any window of Samsung Magician opened when the tasks is running.

--

Answer to your another question:

Why do the Samsung Magician even needs the admin rights to run:
i literally have no idea, BUT i do know what exactly it is doing.

The Samsung Magician is keeping the following stats of my Samsung NVMe SSD:

1- Temperature of my SSD (I need it the most)
2- Keeps reading of how much data has been written to the SSD etc etc.

Here is a preview of the window of this software:

May be these images will give a hint why does this software need admin rights.

If you have noticed, i have even checked the box where it says:

RUN MAGICIAN ON WINDOWS STARTUP

Even then it just does not run
Ahsan Taqveem 5 Reputation points

2023-08-02T16:13:15.08+00:00

Hey @MotoX80

I just came across this thread and saw this:

Its post has a kind of similar problem what I am facing.

Can you guide me on how can I utilize this script?
MotoX80 36,401 Reputation points

2023-08-02T16:40:17.14+00:00
Copy the script and paste it into notepad. Save it as UnlockScheduledTask.ps1 in some directory. Open Powershell with Run as administrator. CD to the somedirectory. Run the script.

,\UnlockScheduledTask.ps1 -TaskName TheNameOfYourTask

That will allow your standard user to run a task that was defined by the administrator account.

You may not need that. Give me a few minutes to reply to your prior post.
MotoX80 36,401 Reputation points

2023-08-02T17:29:48.6833333+00:00
I really think that it would be in your best interest if we could get those programs running as your standard user. I have a Powershell/runas series of commands that I think will work to launch them as an elevated admin account, but if all you need is a simple permissions change on a folder to get them to work, I'd like to explore that first.

Before you try this, check the task manager and make sure that none of those programs are running. If they are, use the admin account and kill them.

While logged on as the standard user, open 3 command prompt windows. In each window, cd to one of the program folders and run the program.

cd "C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\" ArmourySocketServer.exe cd "C:\Program Files (x86)\ASUS\ArmouryDevice\dll\SwAgent\" ArmourySwAgent.exe cd "C:\Program Files (x86)\Samsung\Samsung Magician\" SamsungMagician.exe

Do you get any error message or a UAC prompt?

Do any of the windows appear to "hang" and does the title on the window now include the program name, like "Command Prompt - ArmourySocketServer.exe"

Do you have some application that you can run to verify that those programs are doing what they are supposed to do?

Does the Samsung icon show in the system tray?
Ahsan Taqveem 5 Reputation points

2023-08-02T19:57:21.7066667+00:00
I just tested what you proposed.

I opened three cmd windows and in each window I ran the tasks as you asked.

QUESTION YOU ASKED: Do you get any error message or a UAC prompt?

It shows the UAC prompt as shown below:

QUESTION YOU ASKED: Do any of the windows appear to "hang" and does the title on the window now include the program name, like "Command Prompt - ArmourySocketServer.exe" ?

Nothing hangs, and the program opens successfully (after I input the password in UAC prompt)
The cmd window looks like this after the program has been started successfully

QUESTION YOU ASKED: Do you have some application that you can run to verify that those programs are doing what they are supposed to do?

I can only test Samsung Magician App for now. When i input the password of the admin accout on UAC prompt, the Magician app started just fine and it was working very fine.

QUESTION YOU ASKED: Does the Samsung icon show in the system tray?

Since the app started just fine, therefore YES, the icon appeared on the bottom in the system tray.

Unfortunately i cannot test the Armoury Apps for now. The machine i am using is an ASUS machine therefore there are a whole lot of Armoury Apps running around. ArmourySocketServer and ArmourySwAgent are just participating to make this machine work as a whole.

So lets stick with the magician software for now, since i can figure out easily whether the app is working fine or not.

Once we figure out the Magician App, we will apply the same solution to the ASUS apps.

What would you say?

Answer 2

MotoX80 36,401

What would you say?

I have 2 options that might work.

If you have not set Powershell's execution policy, open a powershell prompt with "run as administrator" and run this command. "set-executionpolicy RemoteSigned".

Create a file named "C:\Users\Ahsan\Desktop\Launch.ps1" with this content.

get-process ArmourySocketServer -ErrorAction SilentlyContinue | stop-process -force 
get-process ArmourySwAgent -ErrorAction SilentlyContinue | stop-process  -force 
get-process SamsungMagician -ErrorAction SilentlyContinue | stop-process  -force 
start-process ArmourySocketServer.exe -WorkingDirectory  "C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer" 
start-process ArmourySwAgent.exe -WorkingDirectory "C:\Program Files (x86)\ASUS\ArmouryDevice\dll\SwAgent" 
start-process SamsungMagician.exe -WorkingDirectory "C:\Program Files (x86)\Samsung\Samsung Magician" 
start-sleep -seconds 30

Create a file named "C:\Users\Ahsan\Desktop\StartProcesses.bat" with this content. (Using your admin account name.)

runas.exe /user:YourAdminName /savecred "powershell.exe -command "start-process powershell.exe C:\Users\Ahsan\Desktop\Launch.ps1 -verb runas" 
timeout /t 30

Don't put Launch.ps1 in a folder that has a space in the name. That way we don't have to deal with quotes.

The first time that you run StartProcesses.bat you will be prompted for a password, but from then on you should only get the UAC prompt where you can just click on ok.

I added the sleep/timeout commands to give you some time to look for error messages.

The other option is some freeware that I have not personally used but I've seen where other users replied that it worked for them.

https://www.runasrob.com/

You would configure it to launch Powershell.exe to execute the Launch.ps1 file with administrator credentials. I don't know what UAC prompts you might get.

Let me know if that works for you.

Ahsan Taqveem 5 Reputation points

2023-08-02T21:35:47.2233333+00:00

Let me get back to you on these solutions tomorrow.

I would prefer to use the batch file method since it does not involve the use of third party tools.

I will let you know if the solutions worked or not.

Thank you so much for all the support so far. I appreciate it a lot.
MotoX80 36,401 Reputation points

2023-08-02T22:51:24.5033333+00:00

I'm golfing tomorrow so I might not reply until friday.
Ahsan Taqveem 5 Reputation points

2023-08-06T19:06:03.0966667+00:00

Hi @MotoX80

Golf.. Nice. :-)

So i gave it a shot (Method1 making two files as you asked)

I first changed the policy:

And then I did the later part.

The StartProcesses.bat window (which is a cmd window) remains open until the timer runs out and then it disappears. Nothing else opens.. no password prompts.. no other screen. StartProcesses.bat cmd window does not even let me take screenshot via the keyboard shortcut (Shift+Win+s). when i attempt to take screenshot, the screen disappears instantly (even though the timer was still running). Similarly when i maximize the StartProcesses.bat cmd window, it disappears (by disappears i mean it quits instantly where the timer was still running)

As I just told, "This screen" remains open for 30 seconds and then nothing happens:

--

I will now try the other option RunAsRob (the 3rd party tool)
MotoX80 36,401 Reputation points

2023-08-06T23:49:04.5333333+00:00

Runas doesn't like something. Is "admin" your administrator account name.? See if can get runas to launch cmd.exe or powershell.exe. Then get powershell to launch a second powershell process. It's likely a problem with the quotes.
Ahsan Taqveem 5 Reputation points

2023-08-08T16:36:14.14+00:00

Yes the name is "Admin" with capital A.

i tried but i could not succeed.
MotoX80 36,401 Reputation points

2023-08-08T22:11:45.2666667+00:00

I am out of town this week and do not have my laptop. If no other user replies, I will check back when I get home.
Ahsan Taqveem 5 Reputation points

2023-08-11T16:36:58.8133333+00:00

Sure, Thank you so much.

MotoX80 36,401

Try this.

runas.exe /user:Admin /savecred "powershell.exe -command \"start-process powershell.exe -ArgumentList '-noexit -file C:\Users\Ahsan\Desktop\Launch.ps1 -verb runas;start-sleep -seconds 10; \""

Ahsan Taqveem 5 Reputation points

2023-08-19T13:36:57.0466667+00:00

Hi @MotoX80

I tried this, and it did not work.

the CMD opens and then closes ASAP. Nothing happens, No password prompt via the CMD.
MotoX80 36,401 Reputation points

2023-08-19T13:41:14.23+00:00

What is the command that you are executing? Add a timeout so that the window doesn't close right away.

Or open a command prompt. CD to the folder. Run the bat file.
Ahsan Taqveem 5 Reputation points

2023-08-19T19:18:29.3666667+00:00

This is what appears when i ran the last shared command:
MotoX80 36,401 Reputation points

2023-08-19T22:27:23.2033333+00:00
I was missing a quote. Try this.

runas.exe /user:Admin /savecred "powershell.exe -noexit -command \"start-process powershell.exe -ArgumentList '-noexit -file C:\Users\Ahsan\Desktop\Launch.ps1' -verb runas\""

Once you get it working, you can remove the -noexit switches.

Answer 3

Marc Gutt 0

Take a look at this question/answers:

https://learn.microsoft.com/en-us/answers/questions/1021785/windows-11-22h2-cant-use-saved-credential

It seems the "Credential Guard" is the problem.

Share via

Run an app WITH FULL ADMIN rights on windows startup FOR A Standard User

Method 1:

Method 2:

Method 3:

3 answers

IMAGE-1:

IMAGE-2

IMAGE-3:

Your answer