Runas, Savecred: still can’t get program needing admin privs to autostart without password prompt

Topic

New Reply

I use a VPN service called Private Internet Manager. I want the VPN program (PIAmanager.exe) to start up when I log on to Windows. I normally log on in a User account and the VPN program gives me a UAC prompt to enter an admin password. I don’t want to have to enter the password after every logon.

I am using a new laptop with Win7 Pro. With my older laptop using Win7 Ultimate, I am able to get this to work. Unfortunately, I lost the notes I made on how I did it. I think it required enabling the hidden Administrator account first. Then I used the following command line.

C:WindowsSystem32runas.exe /user:LaptopSx2Administrator /savecred “C:Program Filespia_managerpia_manager.exe”

The first time (more than a year ago) I did have to enter the Administrator password. Afterwards, I can always boot in a User account and the program starts without further password prompts. If I stop PIAmanager and want to restart it, using a desktop shortcut with that command line will restart it without an admin password prompt.

I cannot find any way to get that command to work by referencing an admin account that is not the hidden Administrator account. I prefer not to enable that account. (That’s a different subject.) Nor have I found any other way to get this to work.

I have tried putting PIAmanager.exe in the LocalMachine … Run section of the Registry. That still gets me a prompt to enter an admin password.

Any suggestions? I have not gotten anything on the PIA forums that works.

Reply | Quote

Replies

Randy,

Have you tried setting up a scheduled task (run on demand w/highest privileges) and then calling the scheduled task from a shortcut?
HTH :cheers:

May the Forces of good computing be with you!

RG

PowerShell & VBA Rule!
Computer Specs

Reply | Quote

Early on in my trials a year or two ago, I did try using the Task Scheduler. I think I set it up from an admin account, as a run on boot for all users. It didn’t work to avoid the need to manually enter a pw.

I more recently found the step-by-step instructions that seem to be what you are talking about. These are on howtogeek. The critical failure comes after creating the task. It says something like “right click on the new task and hit Run” to make sure the program starts up.

I was in a user account but ran the scheduler as an administrator to set up the task. When I clicked on Run, nothing happened. I did go through the step of setting up a shortcut to call the scheduled task. If I click on that, I get a DOS box flash too briefly to read, and nothing else happens.

I will try this one more time. I’ll log on as an admin and run through the steps. This is not indicated as necessary by the howtogeek article. In fact, the implication is just the opposite.

Reply | Quote

Major oddity/clue:

I tried a couple of variations of setting up a new task when logged on as an admin. I can get PIAmanager.exe to start up automatically when the admin logs on, but still get prompt for an admin password when I am logging in as a user.

Now, I did just discover something odd. I had not noticed that the prompt for an admin pw referred not to PIAmanager.exe, but rather to Rubyw.exe. In the prompt, it is located in a temp subfolder of my usernameappdatalocal folder.

After some tests, I found that a new temp folder is created with Rubyw.exe in it when I run PIAmanager.exe. It is Rubyw.exe that needs admin permission, not PIAmanager.exe.

I don’t know how to get around this, since Rubyw.exe is created each time PIAmanager is run, or at least the first time PIAmanager is run after a reboot.

Reply | Quote

Randy,

Setup the task from a normal account.
In the When running the task, use the following user account: Enter the Admin account name and PW.
Check Run whether user is logged on or not.

Then give it a go. HTH :cheers:

May the Forces of good computing be with you!

RG

PowerShell & VBA Rule!
Computer Specs

Reply | Quote

Let’s make this specific. Say these are the account names on my system:
1. RandyUser – my main account with user rights
2. RandyAdmin – my account with admin rights
3. Administrator – the built in but hidden account with super admin rights

Say I am logged in as RandyUser user. I set up the task and get to “When running the task, use the following user account:” Here I can’t enter RandyAdmin as the account name. It says the name can’t be found when I do “check name”.

What can be found is the account “Administrator”, i.e., the hidden Adminstrator account. It asks for a pw, which I don’t know because the account has not been activated and I have not assigned any pw to it.

If instead I log on as RandyAdmin, I am back where I started. I can create a task, check all the right boxes, but there will still be a prompt for an admin pw to run Rubyw.exe when next I logon as RandyUser.

I really appreciate your trying to help. I now just don’t think there is any solution that doesn’t require either always logging on with admin rights (here as RandyAdmin) or activating the hidden Administrator account.

It isn’t a terrible problem, just an annoyance.

Reply | Quote

I know you don’t want to activate the Administrator account, but maybe you can compromise by temporarily enabling it, giving it a password, setting up the VPN and then disabling the Administrator again. I have never done anything like that. I suspect the Administrator account is not truly disabled, merely hidden.

Reply | Quote

Riffraff, the Administrator account is either “enabled” or “disabled”. This is clear from the folks elsewhere who want to hide it without disabling it, but cannot.

However, yours is still an interesting idea. It may be possible to set up the task scheduler as suggested by RG while the Administrator account is enabled, then disable the account but the task still runs. I don’t know, but I will try it when I get some time.

Thanks.

Reply | Quote

Riffraff, the Administrator account is either “enabled” or “disabled”. This is clear from the folks elsewhere who want to hide it without disabling it, but cannot.

However, yours is still an interesting idea. It may be possible to set up the task scheduler as suggested by RG while the Administrator account is enabled, then disable the account but the task still runs. I don’t know, but I will try it when I get some time.

Thanks.

The Administrator is enabled/disabled only so far as logon is concerned. It is very much active when one right-clicks an executable and selects “Run as administrator”. That is the administrator one is “running as”.

Bear in mind that you must also have an account setup as a member of the Administrators group, since “Run as administrator” will popup a UAC dialog box asking for a password for an account in the Administrators group. If you are logged on as a member of the Administrators group, the UAC will just ask for approval, Yes or No.

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.

We were all once "Average Users".

Computer Specs

Reply | Quote

Let’s make this specific. Say these are the account names on my system:
1. RandyUser – my main account with user rights
2. RandyAdmin – my account with admin rights
3. Administrator – the built in but hidden account with super admin rights

Say I am logged in as RandyUser user. I set up the task and get to “When running the task, use the following user account:” Here I can’t enter RandyAdmin as the account name. It says the name can’t be found when I do “check name”.

What can be found is the account “Administrator”, i.e., the hidden Adminstrator account. It asks for a pw, which I don’t know because the account has not been activated and I have not assigned any pw to it.

If instead I log on as RandyAdmin, I am back where I started. I can create a task, check all the right boxes, but there will still be a prompt for an admin pw to run Rubyw.exe when next I logon as RandyUser.

I really appreciate your trying to help. I now just don’t think there is any solution that doesn’t require either always logging on with admin rights (here as RandyAdmin) or activating the hidden Administrator account.

It isn’t a terrible problem, just an annoyance.

Setup the task to run as System, check the box to use highest privileges. I use Task Scheduler for a lot of things, particularly routine maintenance, and those that require Administrator privileges will run when setup to run as System.

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.

We were all once "Average Users".

Computer Specs

Reply | Quote

Hey Y’all,

I found these instructions on setting a task to runas SYSTEM.

[*]Go to Start > Administrative Tools > Task Scheduler
[*]In the Task Scheduler window click “Create Task” on the right hand bar under the “Actions” pane
[*]In the “Create Task” dialog click the “Change User or Group” button {Note: This button will only say Change User if TS is run from a standard user account! You need to run TS as Admin to get it to say Change User or Group and allow you to enter SYSTEM into the dialog box in step 5 below}
[*]Make sure “From this location” is set to the local machine name (to change click “Locations” button and select the local computer name)
[*]Type “SYSTEM” in the text box and press ok . Under “When running the task, use the following user account:” you should see “NT AUTHORITYSYSTEM”.

Here’s what I’ve found running on Win 7 HP SP-1 64bit:

[*]I tried setting up CCleaner per the instructions above.
[*]It will not let you use System if TS is started from a standard user account)
[*]It will allow the use of System if TS is started as Admin and the password provided.)
[*]You can right-click on the task and run it and it will show running but CCleaner’s Window does not show up {not very useful} and it also does not show up in Process Explorer even if you click on show processes from all users. The Event Logs show CCleaner starting and my Manual shutdown of the task.
[*]However, the task will be stored in the Admin Account! Thus if you exit TS and restart it in normal mode the task is not visible.
[*]You can not run the task from a Shortcut in the Standard User Account as the task is not present in the standard user account.

So It would seem that this process doesn’t work if there in User Interaction involved and the task can’t be run from a Standard user account unless you login into TS as Admin. I must be missing something?:confused:

May the Forces of good computing be with you!

RG

PowerShell & VBA Rule!
Computer Specs

Reply | Quote

Hey Y’all,

I found these instructions on setting a task to runas SYSTEM.

[*]Go to Start > Administrative Tools > Task Scheduler
[*]In the Task Scheduler window click “Create Task” on the right hand bar under the “Actions” pane
[*]In the “Create Task” dialog click the “Change User or Group” button {Note: This button will only say Change User if TS is run from a standard user account! You need to run TS as Admin to get it to say Change User or Group and allow you to enter SYSTEM into the dialog box in step 5 below}
[*]Make sure “From this location” is set to the local machine name (to change click “Locations” button and select the local computer name)
[*]Type “SYSTEM” in the text box and press ok . Under “When running the task, use the following user account:” you should see “NT AUTHORITYSYSTEM”.

Here’s what I’ve found running on Win 7 HP SP-1 64bit:

[*]I tried setting up CCleaner per the instructions above.
[*]It will not let you use System if TS is started from a standard user account)
[*]It will allow the use of System if TS is started as Admin and the password provided.)
[*]You can right-click on the task and run it and it will show running but CCleaner’s Window does not show up {not very useful} and it also does not show up in Process Explorer even if you click on show processes from all users. The Event Logs show CCleaner starting and my Manual shutdown of the task.
[*]However, the task will be stored in the Admin Account! Thus if you exit TS and restart it in normal mode the task is not visible.
[*]You can not run the task from a Shortcut in the Standard User Account as the task is not present in the standard user account.

So It would seem that this process doesn’t work if there in User Interaction involved and the task can’t be run from a Standard user account unless you login into TS as Admin. I must be missing something?:confused:

Tasks run via Task Scheduler always run hidden. So if any part of the task asks for permission to run or for a selection of some drive or any other required user input, it will stall. It won’t fail, and it won’t stop. It will show in Task Scheduler as running. Since it is hidden, there is no way to acknowledge permissions or selections, so it will just keep running, and waiting.

Tasks that are not properly setup in Task Scheduler might show as running, but Task Manager won’t show anything happening in relationship to that task, since it is not actually running. Task Scheduler has called for the task to run, and that’s where the “running” is being indicated; the task has been initiated. But if any arguments are improperly entered, or something in the permissions is out of whack, the task will not actually run, it will only be initiated, and thus show as running. The task itself will fail, but since it is running hidden, no error popup will be seen.

Task Scheduler should always be started using “Run as administrator”, even if one is logged on as a member of the Administrators group. In this way, tasks can be scheduled to run as “SYSTEM” with highest privileges. When you test a task by clicking “Run”, check Task Manager to see if its executable is running. If it isn’t, then something about the task has been setup incorrectly.

I have multiple tasks scheduled, all run as SYSTEM, and they all actually run. Some didn’t to start out, and after finding the error in the task schedule, I got them configured correctly, and now they run successfully on schedule.

If they are setup correctly, Task Manager will show it.

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.

We were all once "Average Users".

Computer Specs

Reply | Quote

I found the task schedule created when I installed PIAmanager.exe. It was running from my admin account because I was logged in that way when I installed the program. Highest privileges was checked.

I changed the task to run by the System account, and to run with logon of any user. I then restarted the laptop. Nothing happened I could see. If the program had run correctly, I would have an task bar icon showing the VPN was active.

This is consistent with what bbearen wrote. Task Scheduler runs but no error and the desired action does not happen. Here is the event log for a 4pm logon:
39415-taskPIA

Reply | Quote

Tasks run via Task Scheduler always run hidden.

Bruce, to clarify the above I believe you meant to say “Tasks run as System…”. I say that because I have a whole raft of tasks that run and display the UIs for the associated programs like CCleaner, Macrium Reflect, Revo Uninstaller Pro, etc., and my own PowerShell programs. These are all set to run w/Highest Privileges so I don’t have to answer the UAC prompt. :cheers:

May the Forces of good computing be with you!

RG

PowerShell & VBA Rule!
Computer Specs

Reply | Quote

Bruce, to clarify the above I believe you meant to say “Tasks run as System…”. I say that because I have a whole raft of tasks that run and display the UIs for the associated programs like CCleaner, Macrium Reflect, Revo Uninstaller Pro, etc., and my own PowerShell programs. These are all set to run w/Highest Privileges so I don’t have to answer the UAC prompt. :cheers:

Good point, RG, thanks for keeping me straight. I have Task Scheduler run a lot of tasks, but they are all setup to run as System, and so are hidden. But yes, Task Scheduler can just as well be used to invoke programs at highest privileges to step around UAC prompts.

I do a lot of (too much?) tinkerin’ with my systems, so I kinda like the reminder that I’m stepping up my game by having that UAC prompt.

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.

We were all once "Average Users".

Computer Specs

Reply | Quote

Ok, I am back now with maybe a little time to try some of this out. First, however, one comment and one new, bizarre problem unrelated to the thread.

The comment: “Run as administrator” = run from an account with admin privileges. This is not the same as “Run as Administrator” where “Administrator” is the hidden, disabled-by-default super admin account.

The bizarre new problem: I cannot do a Print Preview of this thread in Firefox. It just hangs. If I try to print to Adobe PDF (I have Acrobat Pro), it also hangs. If i do a Print Preview in IE, it shows 69 pages, each one with the text getting narrower and narrower.

Reply | Quote