Readme for Elevation Tools version 1.0
The elevation tools consist of two separate tools. Please read this file to find out how to use them!
The elevate.exe tool installs in your %windir% directory. It is used to elevate arbitrary commands from a command line. To use it, from a command prompt, type:Elevate.exe [-l] <commandline>
When used without the –l switch the elevate.exe tool will launch a standard elevation prompt and launch the command line as the user you elect to elevate to. If you are an administrator in admin approval mode, it will launch as you.
If you specify the –l switch, elevate.exe does exactly the opposite. It will instead launch the command line with a low integrity token and all privileges except SeChangeNotifyPrivilege removed. Most programs do not work properly that way. This functionality is included primarily for testing purposes.
Please note that if your program path has spaces in it you must enclose it in quotes, such as "c:\Program Files\foo.exe" /a be /c.
ElevateExplorer.exe is designed specifically to elevate Windows Explorer. Normally it is not possible to elevate Windows Explorer. For example, if you right-click Explorer.exe and select "Run as Administrator" it will fail to work.
To get around this, ElevateExplorer.exe uses a specific call which causes a new instance of Explorer.exe to be launched. This instance will get launched with an administrative token. If you are an admin in admin approval mode you will see a single elevation prompt and Explorer.exe will launch as you. If you are a standard user the ElevateExplorer.exe tool will first add you to the Administrators group and then launch Explorer as you. This is necessary because Windows includes checks to ensure that there are not two Explorer instances with different user identities in the same session. However, it means that you will see two elevation prompts. In the first prompt you must use an account that is already in the Administrators group. This account is used to add your original account to the Administrators group. In the second prompt you must use your original account. For instance, let us assume I have these two accounts:
· _jesper – A local user that is a member of the Administrators group
· Domain\Jesper – A domain user that is not a member of the Administrators group. This is the account I am logged on with when I run ElevateExplorer.
In this case I would use _jesper in the first prompt. Then, in the second prompt, I would use Domain\Jesper. Explorer will launch as Domain\Jesper. The tool will then remove Domain\Jesper from the administrators group.
ElevateExplorer installs in %ProgramFiles%\Jesper M. Johansson\Elevation Tools\ElevateExplorer.exe
You can run both tools by double-clicking them, or by calling them from a command line. However, both also include shell extensions. This is the most convenient way to call the tools. When you install the tools you get three additional menu items on the right-click menu of folders in Windows Explorer:
· Command Prompt Here – This will launch a command prompt as whatever user you are logged on as. It is there for convenience only and does not include elevation at all. Note that the Windows Command Prompt does not support UNC paths, so this prompt will open to %Systemroot%\System32 if you right-click on a network folder.
· Elevated Command Prompt Here – This will call elevate.exe to launch a command prompt elevated pointing at whichever directory you right-clicked on. It is a very convenient way to get a command prompt running as an administrator to an arbitrary location.
· Elevated Explorer Here – This will launch an elevated Windows Explorer window to whatever location you right-clicked on.
All the tools are fully uninstallable. Simply use the Programs and Features Control Panel to uninstall all components of the tools.
The tools have only been tested on 32-bit platforms. It is currently not known how well they work on 64-bit computers.
Microsoft did not provide a built-in ability to elevate Explorer.exe because Explore.exe is inherently not designed to be a multi-instance process. Certain scenarios do not work properly. For example, if you have two instances of Explorer and create a folder in one, you have to refresh the other instance to see the folder. In addition, some COM add-ins may not work properly when you are running multiple instances of Explorer. The functionality is very useful, but use it with caution. Running multiple instances of Explorer has not been fully tested by Microsoft. It may destabilize your system.
If you have feedback on the tools, please contact Jesper at jesper_m_johansson@hotmail.com. More information may be posted in my blog at http://msinfluentials.com/blogs/jesper.
kmichalo1