
Unable to open an elevated Windows Explorer window


MagicAndre1981

When you right-click Explorer and select "Run as administrator", it doesn't start Windows Explorer with admin rights. The Windows Vista/7 Explorer includes a special function to block such requests.

To disable it, start regedit.exe and go to the following key:

HKEY_CLASSES_ROOT\AppID\{CDCBCFCA-3CDC-436f-A4E2-0E02075250C2}

Make a right click on Permissions, set your user as owner of the key and give your current user write permissions.

Next, delete or rename the value RunAs. Now the Elevated-Unelevated Explorer Factory is disabled and you can start the Explorer with admin rights.

This helps you delete files, for which you need admin rights.

Have fun :)


  • 5 months later...

If you don't wanna mess with RegEdit, there is the proper way to modify that RunAs field.

From your Administrator user, open the Run... window, type dcomcnfg.exe and press Enter. The Component Services window will open (same as from Administrator Tools).

From Component Services -> Computer -> Local Computer -> Config DCOM, select Elevated-Unelevated Explorer Factory, right-click and select Properties.

Select the Identity pane; you will see the first option selected (Interactive User). Select the second option (I have Italian Windows 7, so I don't know what the second option is called in English).


Thanks for pointing this out. The name is "the user who started the application":

The Launching User: the application will run using the security context of the user who started the application. The launching user and the interactive user may be the same.

INFO: Using DCOM Config (DCOMCNFG.EXE) on Windows NT

http://support.microsoft.com/kb/176799


  • 1 year later...

Thanks for the tip, I am running it with Set-ACL, seems to be working on W8. Not sure I will need Set-ACL once I try it from SetupComplete.cmd which runs as system already.

SetACL -on "HKEY_CLASSES_ROOT\AppID\{CDCBCFCA-3CDC-436f-A4E2-0E02075250C2}" -ot reg -rec yes -actn setowner -ownr "n:S-1-5-32-544"
SetACL -on "HKEY_CLASSES_ROOT\AppID\{CDCBCFCA-3CDC-436f-A4E2-0E02075250C2}" -ot reg -actn ace -ace "n:S-1-5-32-544;p:full"
Remove-ItemProperty -Path "registry::HKEY_CLASSES_ROOT\AppID\{CDCBCFCA-3CDC-436f-A4E2-0E02075250C2}" -Name RunAs
# and to enable linked connections
New-ItemProperty -Path "registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name "EnableLinkedConnections" -Value 1 -PropertyType "DWord"

Btw, the user "mlehmk" posted a tool on the Microsoft Technet forums, to start the Explorer with admin rights:

http://social.technet.microsoft.com/Forums/en-US/w7itprosecurity/thread/1798a1a7-bd2e-4e42-8e98-0bc715e7f641/#d00925cc-905f-4640-8b6f-106930220e98

You can download it from his DropBox:

https://dl.dropbox.com/u/12462931/ExplorerLoader.zip

Expand the ZIP and run the tool ElevatedExplorer.exe and it will start at the view "Computer". You can also pass a folder as parameter and Explorer will start at the folder.


This helps you delete files, for which you need admin rights.

It could also be possible to let you see drives mapped with elevated Command Prompts? I've noticed this sometimes where if you map with an elevated CMD, you can't see or can't use the mapped drive in Explorer.


This happens because of the 2 tokens which users have with UAC.

You can set the value EnableLinkedConnections to work around this issue:

To configure the EnableLinkedConnections registry value, follow these steps:

Click Start, type regedit in the Start Search box, and then press Enter.

Locate and then right-click the following registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

Point to New, and then click DWORD Value.

Type EnableLinkedConnections, and then press Enter.

Right-click EnableLinkedConnections, and then click Modify.

In the Value data box, type 1, and then click OK.

Exit Registry Editor, and then restart the computer.

http://support.microsoft.com/kb/937624

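A read-only check for the changes described in this thread, added here as an example (not code posted by any participant): it reports whether the RunAs value on the Explorer factory AppID key is still present, who owns the key and who can write to it, and whether EnableLinkedConnections is set. The function and property names are made up for this example; the registry paths and the SID are the ones quoted in the posts.

```powershell
# Added example: read-only audit of the two settings discussed in this thread.
# Nothing here modifies the registry. Function/property names are hypothetical.
$AppIdKey  = 'registry::HKEY_CLASSES_ROOT\AppID\{CDCBCFCA-3CDC-436f-A4E2-0E02075250C2}'
$PolicyKey = 'registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$AdminsSid = 'S-1-5-32-544'   # BUILTIN\Administrators, the owner set by the SetACL commands in the thread

function Get-RegValueOrNull {
    param([string]$Key, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -LiteralPath $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Get-ExplorerElevationAudit {
    $runAs    = Get-RegValueOrNull -Key $AppIdKey  -Name 'RunAs'
    $linked   = Get-RegValueOrNull -Key $PolicyKey -Name 'EnableLinkedConnections'
    $ownerSid = $null
    $writers  = @()
    if (Test-Path -LiteralPath $AppIdKey) {
        $acl      = Get-Acl -LiteralPath $AppIdKey
        $ownerSid = $acl.GetOwner([System.Security.Principal.SecurityIdentifier]).Value
        # Principals with an allow ACE that includes SetValue (change/delete values).
        # ACEs expressed only as generic rights are not matched by this mask.
        $mask    = [System.Security.AccessControl.RegistryRights]::SetValue
        $writers = @($acl.Access |
            Where-Object { $_.AccessControlType -eq 'Allow' -and ($_.RegistryRights -band $mask) } |
            ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique)
    }
    [pscustomobject]@{
        RunAsValue               = $runAs
        RunAsMissing             = ($null -eq $runAs)   # deleted or renamed, as in the first post
        KeyOwnerSid              = $ownerSid
        OwnerIsAdministrators    = ($ownerSid -eq $AdminsSid)
        PrincipalsWithSetValue   = ($writers -join ', ')
        EnableLinkedConnections  = $linked
        LinkedConnectionsEnabled = ($linked -eq 1)
    }
}

Get-ExplorerElevationAudit | Format-List
```

Comparing the output with that of an unmodified install of the same Windows version shows whether a machine carries the ownership change, the RunAs removal or the linked-connections setting.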

XP doesn't have this issue because it doesn't have UAC. You have a different issue.

On both my Windows XP computers (desktop and laptop) I can't open Windows Explorer with administrator rights if I am in a restricted user account. Is this normal, and if yes, what can I do to change it? If not, what could be causing it?


XP doesn't have this issue because it doesn't have UAC. You have a different issue.

On both my Windows XP computers (desktop and laptop) I can't open Windows Explorer with administrator rights if I am in a restricted user account. Is this normal, and if yes, what can I do to change it? If not, what could be causing it?

This is normal for XP. There is no user elevation for limited accounts. However, you can add a Run-As option (in Pro or Enterprise) to the context menu BUT it still requires you to know the credentials for an administrative login on the local machine or domain.


I found the answer to my problem here:

I know this is an old thread, but in case someone else like me comes along later via search engine...

If you're running IE7 under WinXP, in order to run Windows Explorer with the runas command, it must be run as a separate process. A quick way to do this, without having to change your Folder Options settings, would be to run an instance of Explorer with the undocumented parameter /separate, like this:

runas /user:domain\username "explorer /separate"

...where domain is the domain name or local computer name of which username is a member.

Hope this helps.

Michael

With IE6 I could do the job, then with IE7 I couldn't (but I didn't know why). Obviously the same things that apply to IE7 apply to IE8 that I have now too.


  • 5 months later...
  • 2 years later...

 

If you don't wanna mess with RegEdit, there is the proper way to modify that RunAs field.

From your Administrator user, open the Run... window, type dcomcnfg.exe and press Enter. The Component Services window will open (same as from Administrator Tools).

From Component Services -> Computer -> Local Computer -> Config DCOM, select Elevated-Unelevated Explorer Factory, right-click and select Properties.

Select the Identity pane; you will see the first option selected (Interactive User). Select the second option (I have Italian Windows 7, so I don't know what the second option is called in English).

 

I tried this method on Windows 8.1 (from the activated Administrator account), but all the options are grayed out so I can't choose this second option. What am I doing wrong?
