I've recently been confused by how UAC works between Standard accounts and Administrator accounts,
As we all know, when UAC is turned on, UAC allows Standard Accounts or Administrator accounts in Admin Approval Mode to gain access to the administrator token in order to perform tasks that require administrative access to the machine – allowing us to switch tokens without switching users,
However, it appears that switching tokens is not really what happens: A while ago, I ran an application that would modify the shell (explorer.exe). I ran the program in a Standard Account, but it needed elevated access: therefore, I used UAC to supply admin credentials so it could complete. I did not seen any change to the shell; I then logged into the administrator account whose credentials I used and I saw that the shell in that account had been changed, which was obviously not what I wanted
It appeared to me that UAC was just basically a "Run-as user" type deal where it actually ran the program as that user. This meant that I wasn't just running it elevated: I was literally running the program as that user,
My question is: is it possible for a standard account to use the administrator token but actually run the program as a standard user and use the current user's profile? Otherwise, it seems to me that if you need to do any administrator tasks, you are pretty much required to log in to an administrator account which defeats the whole purpose of UAC – since UAC runs a program as the administrator, rather than using just the administrator rights,
Is this separation of token and profile possible? Or do all users just have to be administrators in that case? It seems to me this would account for many organizations just granting full administrator access to all users,
Can someone please shed some light on this?
I would like to know if it would have been possible to supply an administrator token to the said program, but run that program in the current user account, not the user account of the administrator whose credentials were supplied – in other words, would it have been possible to modify the shell in the Standard account with that program? The goal would be to launch the process as the logged in user (regardless of current privileges) with administrative rights, not as a process under an account with admin rights.
Hope this makes sense,
I am not referring to Admin Approval Mode or how UAC works. I already know that if UAC is set to a secure setting, even Administrators will be prompted and unless it is turned off, administrators use the standard token by default. I am talking about when the administrator token is gained, is it possible to still run the process as the logged in user, just with the admin token? (not using Run As 'user' but maybe something like run as/with 'token'), etc… In this way, it would be using generic administrative privileges rather than one user's administrative privileges.
Is this at all possible, or have I just pointed out a feature not in Window?
Would I, to achieve the goal described here, have to perhaps turn the standard account into an administrator account any time anything that requires elevation needs to be done, and then turn it back into a standard account when done? Based on comments, it appears that this is not possible and that seems to be a flaw in the OS because it makes UAC basically useless.
CASE IN POINT: A few years ago, I was trying to run a program that would change my computer's theme that needed to patch the system (one of those third-party programs). It required administrator rights. I didn't see any change, but then I logged into the administrator account whose password I had used, and found all the activity had been applied to that account!! I had to mess with it a few times to get it to work, but it was a really wonky process. Would the easiest solution be to just promote that standard account temporarily to an administrator, and then demote it afterwards?