Page 1 of 1

Windows 10 starting a process elevated as normal user

Posted: Mon Jul 02, 2018 3:50 am
by Willy@PV
Powershell Studio 2018
Windows 10 x64 UAC enabled

I'm actually trying to start notepad(= just an example) without UAC virtualization. If correct this can only be achieved when starting a process elevated. So as a normal user we want to start notepad.exe as local administrator & elevate the process.

Create 2 files:

1. starter.exe
code: start-process elevator.exe
Compile options:
-default manifest
-Run mode:alternate user(Runas user): administrator+password

2. elevator.exe
code: start-process notepad.exe
compile options:
-embed a default manifest for elevation
-run mode: current user

So, when a normal user opens starter.exe, the starter.exe process will be started as administrator. Starter.exe will then start elevator.exe. This process will be elevated.

This works perfectly under Windows 7
Under Windows 10 I'm indeed getting a notepad window, started as administrator & elevated. But the window is black with a blue bar as title bar. No text is displayed. It looks like a high contrast window but text isn't visible. Window buttons are not visible, but can be clicked. Tested this on multiple pc's, same problem.

Anyone has seen this behaviour? ideas?

EDIT: did another test inside a W10 vm, non domain => i dont have the problem. So i'm only seeing this on domain pc's. Could be a policy issue...

Re: Windows 10 starting a process elevated as normal user

Posted: Mon Jul 16, 2018 8:02 am
by davidc
Sorry for the late reply.

The black window issue seems to be a .NET bug. We encountered this issue with .NET executables before. Note: We used non-domain VMs.

We found that non-.NET executables don’t have the same issue. Therefore, to get around the issue, create a VBScript packaged executable initiate the Run As.

Re: Windows 10 starting a process elevated as normal user

Posted: Mon Jul 16, 2018 8:26 am
by davidc
Here is sample code for VBScript:

Code: Select all

Dim Shell

set Shell = CreateObject("Shell.Application")
Shell.ShellExecute "application.exe","","" ,"RunAs",1