As you might all know, Windows Vista introduced some major changes to the security model of Windows, including User Account Control. What UAC does is introduce the concept of apps having the least privilege - only enough permissions that apps need to run should be granted to them and not full admin permissions, because if malware or bad apps run as admin, they can pretty much do any damage to your OS.
However, thanks to UAC, the user experience gets spoiled slightly and decades-old Windows users who were not used to this concept or who were not explained why it was introduced were bewildered when they migrated from Windows XP. They didn't understand why they were asked to confirm any action that does system level changes to their PC. One such application that shows considerable amount of UAC prompts if you are running Windows with the highest level of the UAC setting is File Explorer (formerly known as Windows Explorer). While Explorer does not show that many UAC prompts at the default UAC setting, the default UAC setting is not 100% foolproof. It is only secure against apps that assume admin level privileges to do bad things.
Now you might ask why would you want to run Explorer as administrator in the first place? Suppose you need to do some file operations that involve lots of UAC prompts. Or maybe some shell extension (e.g. right click menu extension) still hasn't been updated to work with UAC and it fails to work until it is run as admin. There is no Microsoft-provided way to elevate shell extensions that fail to work properly. So rather than always running all apps with UAC set to the default setting, you could set UAC to the highest level permanently and instead temporarily elevate the File Explorer in a separate process so you could get your stuff done as admin and then close it.
Except the problem is that Microsoft does not allow running Explorer as administrator in Windows 8.1/8 (and in Windows 7 too). In Windows Vista it was possible to run Explorer as administrator. Microsoft uses DCOM to launch Explorer in Windows 7 and later versions. A DCOM class factory checks if the user is running interactively and launches Explorer. They put in a restriction in the registry as a security measure to prevent running it as administrator. Of course, if you are using a third party file manager to do file operations, then it's no problem as you can easily elevate it temporarily.
In this article, we will see how to elevate Explorer so you can do your file operations which show too many UAC prompts or use shell extensions that don't work without elevating. We will also see how to close the elevated process. The solution to run Explorer elevated was found by one of our readers and Windows enthusiast, Andre Ziegler, who pointed the reg key used by the DCOM class in this Technet Forums thread. Here is how you can do it:
1. Download and open Winaero's excellent RegOwnershipEx application. RegOwnership allows you to take ownership of registry keys and grant admin permissions and later restore them, all from an easy-to-use user interface.
RegOwnershipEx at work taking ownership and granting permissions which it can later restore
2. In the 'Select the Registry Key' text box of RegOwnershipEx, copy and paste the following:
3. Click the Take Ownership button. You will see the Lock icon getting unlocked. Now click 'Open in Registry Editor'.
Registry Editor showing the key that prevents Explorer from running as admin
4. Registry Editor will open at the above key. In the right pane of Registry Editor, you will see a value named 'RunAs'. You need to simply rename this value or delete it so Windows allows you to run Explorer as administrator when you need it. Rename 'RunAs' to anything. For example, RunAsAdmin (so you remember you made this change).
5. Close Registry Editor and now switch back to RegOwnershipEx. Click the 'Restore Ownership' button, tick the key that you just took ownership of and restore its ownership.
That's it. Now if you right click Explorer.exe or a shortcut to it and select 'Run as administrator', you will be able to run it as admin! It will start as a separate process which you can see in Task Manager or SysInternals' excellent Process Explorer.
You can also use Winaero's simple but useful ELE.exe app to start any program as administrator from the command line.
When you run it as administrator, no matter what you do inside it, you won't be shown a UAC prompt. If you run Process Explorer as administrator too, it will show the integrity level of the second Explorer process as High (High means that the process is running as administrator).
Process Explorer showing Explorer.exe running as administrator
Now the important thing to note is that this process does not cleanly exit when you close the Explorer window! You must remember to terminate it every time you elevate Explorer after you are done working in the Explorer window.
Also, you should not run Explorer as administrator on a regular basis. You should only elevate it if you need to use some incompatible shell extension or if you need to do multiple heavy-duty file operations which are going to produce lots of annoying UAC prompts to manage and maintain files and folders on your hard drive. And remember to end the second Explorer.exe process in Task Manager after you are finished working with it.