Step 4: MakeMeAdmin

Another option for elevating privileges is a program that I wrote called MakeMeAdmin. MakeMeAdmin gives you a command shell running as you, but with admin privileges. It does this by calling RunAs twice. The first call runs MakeMeAdmin as local admin, which takes your normal account and adds it to the administrators group. It then calls RunAs again for your regular account, and when you supply credentials you get a new logon session. The new logon checks to see what groups you're in and builds a brand new token with admin privileges. So you'll be running as a regular user, but with admin privileges.

The trick is it does not keep you as admin. The rest of the desktop is at normal privileges, it's only the MakeMeAdmin shell and anything run from it that has admin privileges. Also, once it starts that MakeMeAdmin command shell it immediately removes you from that admin group so that any subsequent logon will not give you admin privileges. It is a simple command shell script so you can customize it. It is downloadable from my blog.
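The two-stage RunAs flow described above can be sketched as a batch file. This is an added illustration, not the published MakeMeAdmin script; it assumes the local admin account is the built-in `Administrator`, that the script path has a usable short (8.3) name, and that account names contain no spaces.

```batch
@echo off
rem Added sketch of the flow described in the article; not the author's script.
rem Assumptions: built-in local "Administrator" account, 8.3 short paths
rem enabled for this script's location, no spaces in account names.
setlocal
set ADMIN=%COMPUTERNAME%\Administrator
set GROUP=Administrators

if not "%~1"=="" goto stage2

rem ---- Stage 1: running as the normal user ----
rem Relaunch this same script as local admin and pass the caller's account
rem as the argument. RunAs prompts for the admin password.
runas /user:%ADMIN% "%~s0 %USERDOMAIN%\%USERNAME%"
if errorlevel 1 pause
goto :eof

:stage2
rem ---- Stage 2: running as local admin, %1 is the normal account ----
echo Adding %~1 to %GROUP%...
net localgroup %GROUP% "%~1" /add
if errorlevel 1 (
    echo Could not add %~1 to %GROUP%. Nothing was changed.
    pause
    goto :eof
)

rem Second RunAs: a fresh logon for the normal account. Group membership is
rem read when this logon session is created, so its token includes the
rem administrators group. RunAs prompts for the normal account's password.
echo Starting shell in a new logon session...
runas /user:%~1 "cmd.exe /k title Admin shell for %~1"
if errorlevel 1 echo RunAs failed. Membership will still be removed.

rem RunAs returns as soon as the shell has started (or failed to start), so
rem the account leaves the group immediately in both cases. The shell that
rem is already running keeps its token; any later logon gets a normal one.
echo Removing %~1 from %GROUP%...
net localgroup %GROUP% "%~1" /delete
if errorlevel 1 (
    echo WARNING: %~1 is still a member of %GROUP%. Remove it manually.
    pause
)
endlocal
```

The removal step runs whether or not the second RunAs succeeds, so a mistyped password does not leave the account in the administrators group.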

Elevating privileges for administrators

 Home: Introduction
 Step 1: RunAs dialog
 Step 2: RunAs command line
 Step 3: Differentiating security levels
 Step 4: MakeMeAdmin
 Step 5: Caveats
 Step 6: Resources

Aaron Margosis is a Senior Consultant with Microsoft Consulting Services, focusing on US Federal government customers. He specializes in application development on Microsoft platforms and products with an emphasis on application and platform security. Aaron has blogged extensively about how to run Windows as a non-admin, and created the popular MakeMeAdmin and PrivBar utilities. Aaron holds Bachelors and Masters Degrees from the University of Virginia, and calls Arlington, VA, home.
Copyright 2005 TechTarget

This was first published in April 2006
