hits counter

Products - Context Runas UAC - Software with a 90 days unlimited trial with all features

Go to content

Main menu:

Products - Context Runas UAC

Start any program without any need to type username and password if User Account Control is activated. 
Version 1.0.0.0 will be released before 2016

Download
Maybe your company's security rules forces you to logon as not being member of the local administrators group. But sometimes you need the credentials of the local administrator, or your domain administrator. If so, your option is to right click a file in Explorer.exe, and select the "Run as a different user" in the context menu, and type the needed username and password. But in some cases, you might need to right click a file, that don't show you the "Run as different user" option in Explorer.exe's context menu. That is e.g. the case for .vbs files (vbScript), where Explorer.exe's context menu only gives you the option to run e.g. the .vbs file with one of your file associations in registry, even if you hold down the SHIFT key while right clicking the file.
No need any more to give a few of your company's end users permissions as local administrators, or change any file associations.
Features:
  • Start any program without any need to type username and password if User Account Control is activated.
  • Works even if the "Run as different user" option is missing in Explorer.exe's context menu with Shift enabled.
  • Works for all the different Control Panel functions.
  • You can even automatically add some silent switches when starting the program.
  • Configure starting the program to run only from a folder that you specify, and only the file you specify.
  • No need any more to give a few of your company's end users permissions as local administrators.
The solution is to use ContextRunAsUAS instead of Windows Explorer.exe 
  
ContextFileExplorer.exe
You can create a substituted file, you can run using the ContextFileExplorer.exe, or you can automatically compile an exe-file, that runs with the credentials you specify. 
 
<----- If you use the Control Panel button, it's ready to copy/paste the folder- and filename of your selection.

You can create a substituted file, you can run using the ContextFileExplorer.exe, or you can automatically compile an exe-file, that runs with the credentials you specify.

And runs without typing the password you select, but only can run from the folder you specify.

You can also compile the same, that can run from anywhere, but (only) needs to type the password, you select.
It's been examined for some weeks, and it isn't documented by Microsoft, but the main part of these Control Panel feateres below always works if you use the Start/Run menu, and types the .cpl, .exe or .msc filename. But if you runs them using a script with credentials, lilke e.g. the Windows builtin command line runas.exe, then some of them only works on Windows XP, but not on Windows 7, and some of then only works on Windows 7, but not on Windows XP, and a few of the both works on Windows XP and Windows 7. And it's exactly the same source code in Windows 7 and Windows XP that's used to start these Control Panel features.

If you know why and have the solution, then please send an email about it, so it can be part of the ContextRunAsUAC Software.
Below it's marked which operating system they works on, acoording to the test results:
 Here is what you can select using the Control Panel button:
 Excel reduced to 3000 high
   
When using ContextFileExplorer.exe,  you can start any program without any need to type username and password, but they will start with your choice of another users account credentials and userprofile:

  1. Select a program and select a context file like e.g. *.vbs, and it runs automatically with another usernames credentials and userprofile, like e.g. your domain administrator.

  2. Select a program and select e.g. some silent switches, and it run automatically with another usernames credentials and userprofile, like e.g. your domain administrator.

  3. Select a scriptfile like e.g. .vbs, and it run automatically with any editor of your choice, and with another usernames credentials and userprofile, like e.g. your domain administrator.

  4. Create compiled program files, that includes the context file or silent switches, but not includes the password for e.g. your domain administrator, and you can run it from anywhere, but only if you manually type the password for e.g. your domain administrator. If so, you don't need to use ContextFileExplorer.exe to run it.

  5. Create compiled program files, that includes the context file or silent switches, and includes the password for e.g. your domain administrator, but only can run from a folder that you select, and only the file you select.

    So there's no need anymore to give a few of your company's endusers permissions as local administrators for those few thirdparty programs, that isn't able to run without these credentials. And this feature can also be used, when creating difficult roulout packages in your Management System, where the thirdparty program e.g. needs a users credentials in order to do the install in the user profile folder and HKCU registry hive. And that's not possible if your Management System is using the local system account, when running on your endusers computers. If so, you don't need to use ContextFileExplorer.exe to run it.

  6. Use the "shortcut" or file from #4 and #5 in your own shortcuts, commandline files or script files.

  7. Use the "shortcut" or file from #4 and #5 with your task scheduler

  8. Make the autostarting program files in HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run start automatically with another usernames credentials and userprofile, like e.g. your domain administrator.

  9. You can of course do it with the following file extensions: .exe, .msi, .vbs, .cmd, .bat, .cpl and .msc, and many more.

Please note that in all the options mentioned above (except #4), you don't need to type any username or password.

But if the vendor have compiled a manifest into their program, forcing your operating system to UAC-elevate a local administrator account, before starting their program, ContextRunAsUAC can't change anything about that.

But there is a tiny tiny riskthat if a hacker gets access to your harddisk, or your backup maybe on a USB-Disk, your domain fileserver, or a FTP-server, or a Cloud Backup service, without being logged on as you, and if they could figure out what is needed to do, they could manipulate ContextRunAsUAC to gain access to
use (not to see your passwords) one of the 4 user credentials described below, saved in a 1.048 bit encrypted binary Passwords.bin file. In order to avoid that 100% securely, the encrypted Passwords.bin file described below, is always automatically disabled each time you logoff your computer, so in order for yourself to use it, you are always (but only once after you login) asked to enable it with your domain administrators password as described below. Otherwise the encrypted Password.bin file isn't enabled.

And in order to disable hackers choice of using 'brute force' or simular tools to crack your encrypted Passwords.bin file, The enabling algorithm is delayed 15 seconds by ContextRunAsUAC, because these hacker tools is using trillions of attacks each second, in order to crack it. So now they can only use 1 attack each 15 second.

NSA (National Security Agency) in U.S.A. have decided that AES 256 bit encryption is enough for government use, because hackers would need 50 supercomputers build in 2012 in 3.000.000.000.000.000.000.000.000.000.000.000.000.000.000.000.000.000 years if they attack 1.000.000.000.000.000.000 times each second. These numbers should be multiplied with 32 (from 256 bit to 8.192 bit) with the ContextRunAsUAC encryption, and multiplied with 1.000.000.000.000.000.000 * 15 (for each second). Maybe it would be much faster than that, if hackers could use NSA’s new monster computer
, but it’s too expensive, and will never be used to crack the ContextRunAsUAC 1.024 bytes encryption, so you can use it without any problems.

But Iyou have the option to change the seconds between 0 - 15 seconds, if you don't find this nessessary.

Here is what ContextRunAsUAC automatically does, so you don't need to do anything of the description below, it's only shown automatically just after install, and it's here to explain to you, how ContextRunAsUAC works.

In the example below .vbs files are running with PsPadEditorCapaLib, where ContextRunAsUAC does the following for you:

1. Create an encrypted Passwords.bin file with passwords of the LogonUser setting described below in #3

save your usernames and passwords for the local administrator

2. Create a special "substituted" copy of  your original program file C:\Program Files\PsPad Editor\PsPad.exe as ContextPsPad.exe in the same folder.

3. Create a copy of C:\ITD\TrywareDk\ContextRunAs\SW\Ini\ContextDefaultSettings.ini as C:\ITD\TrywareDk\ContextRunAs\BSW\in\Substituted\ContextPsPad.ini, that is used each time you use the substituted ContextPsPad.exe, with the following settings:
 
C:\ITD\TrywareDk\ContextRunAsUAC\Ini\ContextDefaultSettings.ini
© Copyright 2001-2015: IT-Programmer J. Malmgren, www.TryWare90Days.com, version 1.0.0.0, December 2015.

[ForceSettings]                <---------------------------------------------------------------------------

SubstitutedProgramFile=C:\Program Files\PsPad Editor\PsPad.exe
       ;  Filename with full path for the original program file, that you have substituted.
       ;  Syntax: Drive letter + full path + filename + fileextensions

AlwaysForceLogonUser=False
       ;  Does the program you want to start NEED to be run ONLY with a certain LogonUser? You will  
       ;  normally NOT use this setting yourself, but I might use it as part of some of the other
       ;  Products. So in this Context.ini file located in
       ;  C:\ITD\TrywareDk\ContextRunAsUAC\PW\Bin\Substituted, it's only an intention to inform
       ;  you about which of your substituted program files that might have forced changed in YOUR
       ;  settings of LogonUser below, so you can't change it yourself. If so, this setting will
       ;  show you which of the other Products, that caused the change. If ContextRunAsUAC haven't changed
       ;  YOUR LogonUser setting below, this setting will be the builtin default setting: False
       ;  Syntax: False or your substituted programs exe-filename with full path and extension

LogonUser=3

       ;  Which of your passwords do you want to use, when starting your substituted program file?
       ;  0: NOT member of local administrators group
       ;  1: Member of the local administrators group
       ;  2: Member of the domain users group
       ;  3: Member of the domain administrators group
       ;  If you don't specify anything, or syntax is wrong, my default setting will be used: 3
       ;  Syntax: Between 0-3

SecondsTooltip=10
       ;  This will show you a tooltip in the the middle of your screen, when you start your substituted
       ;  program file with ContextRunAsUAC. The tooltip will show you the name of your substituted
       ;  program file, and if use also the name of the file you want to be opened by your substituted
       ;  program file. The tooltip will also show which LogonUser is being used, and the tooltip will disappear
       ;  after the number of seconds (not milliseconds) you specify.
       ;  If you specify 0 seconds, the tooltip won't appear.
       ;  WARNING: ContextFileExplorer.exe is disabled the specified seconds
       ;  If you don't specify anything, or syntax is wrong, my default setting will be used: 10
       ;  Syntax: Between 0-60
 
4. Add C:\Program Files\PsPad Editor\PsPad.exe to your list of substituted program files in C:\ITD\TrywareDk\ContextRunAsUAC\PW\Ini\ContextSubstituted.ini

C:\ITD\TrywareDk\ContextRunAsUAC\Ini\W7-ContextSubstituted.ini
© Copyright 2001-2015: IT-Programmer J. Malmgren, www.TryWare90Days.com, version 1.0.0.0, December 2015.

[SubstitutedFiles]
C:\Program Files\PsPad Editor\PsPad.exe
C:\WINDOWS\system32\appwiz.cpl
C:\WINDOWS\system32\services.msc

NOTE: There's no need to change any of your shortcuts to your original program file for PsPad Editor, and no need to change anything in your registry about your file associations for the *.vbs extension to the PsPad Editor.

The first time you run the ContextFileExplorer.exe, it will automatically force you to run the

ContextPasswordSave.exe, that asks you 4 questions:

  • Computername, username and password for your user not being member of the local administrators group.
  • Computer- or Domainname, username and password for your user being member of the local administrators
    group.
  • Domainname, username and password for your user being member of the domain users group.
  • Domainname, username and password for your user being member of the domain administrators group.

ContextPasswordSave.exe will then use a strong encryption to save these 4 settings in a encrypted Passwords.bin file, where your around 100 bytes, is converted to a binary string containing more than 175.000 encrypted bytes.

So the encryption is even stronger than the 256 bit encryption, being used by NSA.

For years, one of the hardest shells has been the AES Standard, one of several algorithms used by much of the world to encrypt data. Available in three different strengths, 128 bits, 192 bits, and 256 bits, it?s incorporated in most commercial email programs and web browsers and is considered so strong that the NSA has even approved it's use for top-secret US government communications.

If you want to change the default filenames filter when using my file open dialog box, or the default selected substituted file, or the delay options, use this file:

C:\ITD\TrywareDk\ContextRunAsAUC\Ini\ContextControl.ini
© Copyright 2001-2015: IT-Programmer J. Malmgren, www.TryWare90Days.com, version 1.0.0.0, December 2015.
 
Last updated: 01-04-2015
Contact        Privacy Policy        Site Statistics        Sitemap        Terms of use       
Back to content | Back to main menu