
I would like to grant admin rights to my application, so that when anybody runs it, it will not depend on the user's rights.

I would like to do this just once, and from that time on it should still be like an "admin app".

Something similar in Linux is the saved uid, which passwd uses, for example.

I found the topic "Grant admin rights on an application", but that solution requires entering the password and user name at each run, which I do not want...

The idea behind all this is: I have an app and I know what it does. I trust just that one app, but it needs admin rights to do its job...

I need to execute this app on a build server, so that is why I cannot run it from an admin account...

Thanks

EDIT: to be more accurate, one of the apps which I am using needs to use the Windows Installer service. I read that I need admin rights or at least an interactive account to use it... but my build script is just a service, so when this service triggers an app which needs to use the Windows Installer service, it just wrote that it is not accessible...

Dusan Plavak
  • You cannot permanently provide an application administrator rights. If your application requires administrator rights to function, you are likely doing something wrong. You can of course modify the manifest so Windows knows the process does require it, but the permission, by design, must be provided. You wouldn't be able to do this in OS X or Linux either, to be honest; both are designed in such a way that an administrator task must be specifically approved every time. You can try the Microsoft Application Compatibility Toolkit, which might be able to address your overall problem. – Ramhound Nov 08 '13 at 12:31
  • @Ramhound: You are not right regarding OS X and Linux because on Unix-like OS you can have setuid programs. – pabouk - Ukraine stay strong Nov 08 '13 at 13:16
  • You're doing it wrong. You want to make it run in an Administrator context because you don't want to take the time or effort to code it correctly. – joeqwerty Nov 08 '13 at 15:36
  • Well, you are not right: my service needs to check whether an MSI installer package is correct, but that checker needs to access the Windows Installer service, which needs admin rights or to be run interactively – Dusan Plavak Nov 08 '13 at 15:40

1 Answer


Look into running it with Task Scheduler with "Run with highest privileges" checked, or with a user account with sufficient permissions. You might need to add some GPOs to make it work, and you might encounter confusing error messages along the way. You can actually run a scheduled task on demand from a command line as well. These options might not be available on older versions of Windows Server, though.

TheUser1024
  • but I would run that app nondeterministically, so I cannot schedule it... – Dusan Plavak Nov 08 '13 at 12:40
  • Don't schedule it then; just create the task and run it by other means, for example schtasks.exe /Run /TN YourTask – TheUser1024 Nov 08 '13 at 12:46
  • @DusanPlavak - You can also provide the User group the required permissions to do the task your application is using. This means you don't have to require Administrator permissions, which is a horrible idea; most applications don't even require Administrator permissions, but people escalate their programs anyway. – Ramhound Nov 08 '13 at 13:25
  • @Ramhound sadly I cannot do that; I forgot to mention also that our build server is a domain controller... :( – Dusan Plavak Nov 08 '13 at 14:35
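
The on-demand task described in the answer, as an added example that is not part of the original post: it registers a trigger-less task with "Run with highest privileges" and starts it when needed, after first checking that only administrative identities can modify the executable that will run elevated. The task name, the paths and the choice of SYSTEM as the run-as account are assumptions, and the cmdlets require the ScheduledTasks module (Windows 8 / Server 2012 or later).

```powershell
#Requires -RunAsAdministrator
# Added example. Hypothetical names: task name, tool path, argument; SYSTEM is an assumed run-as account.
$TaskName = 'BuildMsiCheck'
$ExePath  = 'C:\BuildTools\MsiChecker.exe'
$ExeArgs  = '"C:\Build\out\product.msi"'

# An elevated task is only as trustworthy as the file it launches: refuse to
# register it if any identity outside this set holds write-type rights on the binary.
$trustedSids = @(
    'S-1-5-18',       # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',   # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)
$fsr = [System.Security.AccessControl.FileSystemRights]
# Write-type bits, plus GENERIC_ALL / GENERIC_WRITE (0x50000000) for unmapped ACEs.
$writeMask = [int]($fsr'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership') -bor 0x50000000
$sidType   = [System.Security.Principal.SecurityIdentifier]

$risky = (Get-Acl -LiteralPath $ExePath).Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    (([int]$_.FileSystemRights -band $writeMask) -ne 0) -and
    ($trustedSids -notcontains $_.IdentityReference.Translate($sidType).Value)
}
if ($risky) {
    $risky | Format-Table IdentityReference, FileSystemRights -AutoSize | Out-String | Write-Warning
    throw "Non-admin write access on $ExePath; fix the ACL before registering an elevated task."
}

$action    = New-ScheduledTaskAction -Execute $ExePath -Argument $ExeArgs
$principal = New-ScheduledTaskPrincipal -UserId 'NT AUTHORITY\SYSTEM' -LogonType ServiceAccount -RunLevel Highest
$settings  = New-ScheduledTaskSettingsSet -ExecutionTimeLimit (New-TimeSpan -Minutes 30) -MultipleInstances IgnoreNew

# No -Trigger: the task exists only to be started on demand.
Register-ScheduledTask -TaskName $TaskName -Action $action -Principal $principal -Settings $settings -Force | Out-Null

# On-demand run (same effect as: schtasks.exe /Run /TN BuildMsiCheck), then wait for the result.
Start-ScheduledTask -TaskName $TaskName
do { Start-Sleep -Seconds 2 } while ((Get-ScheduledTask -TaskName $TaskName).State -eq 'Running')

$exit = (Get-ScheduledTaskInfo -TaskName $TaskName).LastTaskResult
if ($exit -ne 0) { throw "Task $TaskName finished with result $exit" }
```

The same write-access check applies to the folder that holds the executable, since write access there allows the file to be replaced.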