I needed standard users to be able to run certain executables with administrator credentials, but ideally without giving them an administrator account and password, and certainly without adding them to the Administrators group. I also needed a log of the commands run with elevated credentials, which is what led me to this method.
I’m using the Application event log and the Task Scheduler. The problem with this method is that when Task Scheduler launches a process as a user other than the one currently logged on at the console, the launched process cannot interact with the desktop. Sadly there’s no way around this that I’m aware of, which is a shame.
This method might still be useful though if the users just need to run command line utilities and can redirect the output to a text or log file.
Step One – Create a new event source
This allows us to filter out events easily later, and makes the logged commands easy to find. From an Administrator PowerShell prompt issue the following command:
New-EventLog -LogName Application -Source "RunElevated"
Step Two – Create a scheduled task
Open Task Scheduler, create a basic task called RunElevated.
The trigger is When a specific event is logged.
The log is Application, the source is RunElevated, the Event ID is 1.
The action is Start a program.
For Program/script we’re using the full path to powershell.exe: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
The argument is a PowerShell one-liner that picks the Message data out of the most recent RunElevated event logged to the Application event log and executes it:
&(Get-WinEvent -FilterHashtable @{logname='application'; providername='RunElevated'} -MaxEvents 1).Message
Finally, edit the new scheduled task, choose the administrator account that you want the task to run as, and select Run whether user is logged on or not and Run with highest privileges. When you click OK you’ll be prompted for the account’s password.
Step Three – Log a command
Now, as a regular user, we’re going to write a command line to the Application event log using PowerShell:
Write-EventLog -LogName Application -Source "RunElevated" -EntryType Information -EventId 1 -Message "C:\windows\system32\notepad.exe"
This gives us an event that looks like this:
Log Name: Application
Source: RunElevated
Date: 31/05/2016 14:29:55
Event ID: 1
Task Category: (1)
Level: Information
Keywords: Classic
User: N/A
Computer: Laptop001.rcmtech.co.uk
Description: C:\windows\system32\notepad.exe
The task should trigger and you’ll see notepad running (hidden) as the admin user you specified when creating the scheduled task. Not terribly handy, but somebody might have a use for this method!
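The Step Two one-liner runs whatever text was logged in the Message field, so the scheduled task’s account effectively trusts everyone who can write a RunElevated event. As an added example (not from the original post), here is a script that can replace that task argument: it only launches executables from a fixed allow-list, never re-parses the message as PowerShell, and writes an audit entry for every accepted or refused request. It assumes the RunElevated source from Step One exists, that the message’s first line is the program and any further lines are its arguments, and that event IDs 2 and 3 are otherwise unused (all of these are my conventions, not the post’s).

```powershell
# Added example, not from the original post. Allow-listed replacement for the
# task action "&(Get-WinEvent ...).Message", which executes arbitrary text.
# Assumptions: message line 1 = program path, further lines = arguments;
# event IDs 2 (ran) and 3 (refused) are free for audit entries.

$AllowedExecutables = @(
    'C:\Windows\System32\notepad.exe',
    'C:\Windows\System32\ipconfig.exe'
)

# Only Event ID 1 from the RunElevated source is a request. The audit entries
# written below use other IDs, so they are never picked up as new requests.
$request = Get-WinEvent -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = 'RunElevated'
    Id           = 1
} -MaxEvents 1 -ErrorAction Stop

# Split the message into non-empty, trimmed lines; never pass it to & or iex.
$lines     = @($request.Message -split "`r?`n" | ForEach-Object { $_.Trim() } | Where-Object { $_ })
$program   = $lines[0]
$arguments = @($lines | Select-Object -Skip 1)

# Exact match against the allow-list (-contains is case-insensitive for
# strings). Anything else is refused and the refusal is recorded.
if (-not ($AllowedExecutables -contains $program)) {
    Write-EventLog -LogName Application -Source RunElevated -EntryType Warning -EventId 3 `
        -Message "Refused (not on allow-list): $($request.Message)"
    return
}

# Start-Process rejects an empty -ArgumentList, so only add it when present.
$startParams = @{ FilePath = $program; PassThru = $true }
if ($arguments.Count -gt 0) { $startParams['ArgumentList'] = $arguments }
$process = Start-Process @startParams

Write-EventLog -LogName Application -Source RunElevated -EntryType Information -EventId 2 `
    -Message "Ran '$program' with $($arguments.Count) argument(s) as PID $($process.Id)"
```

Save it as a script and point the task’s argument at it with -ExecutionPolicy Bypass -File followed by the script path (path of your choosing); the Step Three Write-EventLog call then works unchanged for allow-listed programs.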
