Ever since the release of Windows Vista you have more than likely run across the phrases "Run program x as administrator" or Run program z elevated" or at the very least have seen a pop-up very similar to this . User Account Control or UAC is a security feature designed to help prevent malicious code from running that requires elevated rights.
Well what do we mean by elevated rights? Here is some background on one of Windows security mechanisms. In Windows we have something call MIC or mandatory integrity controls which can be assigned to any securable object in windows (think files, directories, the registry etc). Any of these and more can have a MIC of LOW, MEDIUM or HIGH. Low isn't used too frequently in Windows but as an example it is used by Internet Explorer and Edge browsers for protected mode. Medium is used for all standard operations (normal functionality) and High is reserved for administrative functions. All users have one of these labels assigned too and they can access anything at their assigned level or lower. All users (even those in the administrator group) are running at the medium level. When you invoke the UAC (we'll get to several ways to do this) your created process gets a special user access token with your administrative user and it also has the High MIC attached to it. You can think of a user in the administrator group as really having two user accounts that share the same name, SID and home directory.
How to Open an Application With Elevated Rights
Embedded Manifest
An application can have it coded into it's manifest that it should always try and open with admin rights. This is identifiable when you see a yellow and blue shield on an application.
Invoke Via the Right Click Context Menu
Any item that supports it will allow you to right click the item and select "Run As Administrator" such as an executable, shortcuts or batch script files.
Keyboard Shortcut Execution
You can press and hold Ctrl + Shift and double click an application (or single click items on the taskbar) to automatically run them elevated
Programmatic Execution
You can also launch an elevated process from most programming or scripting languages. Powershell as an example
Well what do we mean by elevated rights? Here is some background on one of Windows security mechanisms. In Windows we have something call MIC or mandatory integrity controls which can be assigned to any securable object in windows (think files, directories, the registry etc). Any of these and more can have a MIC of LOW, MEDIUM or HIGH. Low isn't used too frequently in Windows but as an example it is used by Internet Explorer and Edge browsers for protected mode. Medium is used for all standard operations (normal functionality) and High is reserved for administrative functions. All users have one of these labels assigned too and they can access anything at their assigned level or lower. All users (even those in the administrator group) are running at the medium level. When you invoke the UAC (we'll get to several ways to do this) your created process gets a special user access token with your administrative user and it also has the High MIC attached to it. You can think of a user in the administrator group as really having two user accounts that share the same name, SID and home directory.
How to Open an Application With Elevated Rights
Embedded Manifest
An application can have it coded into it's manifest that it should always try and open with admin rights. This is identifiable when you see a yellow and blue shield on an application.
Invoke Via the Right Click Context Menu
Any item that supports it will allow you to right click the item and select "Run As Administrator" such as an executable, shortcuts or batch script files.
Keyboard Shortcut Execution
You can press and hold Ctrl + Shift and double click an application (or single click items on the taskbar) to automatically run them elevated
Programmatic Execution
You can also launch an elevated process from most programming or scripting languages. Powershell as an example
