5

I don't know anything about Windows and am trying to understand the concepts behind permissions. Unfortunately, simply Googling doesn't help at all.

Windows says that my user is a member of the "Administrator" group. Yet when I normally run programs, such as PowerShell, they refuse to do certain things, such as installing new services. However, when I select "Run as Administrator" in the Start Menu, they are suddenly able to do so. What's the mechanism behind that?

I created a file within a process (PowerShell) that was "Run as Administrator" and then checked the owner of the file in Windows. But much to my surprise, the owner was my own user instead of the "Administrator" user.

What's going on?

6
  • If you're familiar with *nix systems, "Run as Administrator" is the functional equivalent of SUDO. Commented May 20, 2023 at 19:41
  • @DanIsFiddlingByFirelight and by extension, an "administrator account" is one that's listed in the /etc/sudoers file as being allowed to use sudo? – Barmar Commented May 20, 2023 at 23:31
  • @Barmar yes it is. Commented May 21, 2023 at 16:56
  • @DanIsFiddlingByFirelight having read more about this, I am now certain that it is not the equivalent of sudo, but more similar to seccomp and capabilities (see man7.org/linux/man-pages/man7/capabilities.7.html), because the user does not change; rather, the capabilities of the process, running as the same user, change. That's called "same-desktop elevation". In fact I previously misunderstood it to be functionally equivalent to sudo, which was the source of the confusion. Commented May 25, 2023 at 12:56
  • I believe, with my limited Windows knowledge (take with a grain of salt), that the equivalent of sudo would be using Start-Process -Credentials while passing the credentials of an administrator user and being logged in as a non-administrator. See learn.microsoft.com/en-us/powershell/module/… . Commented May 25, 2023 at 13:01

1 Answer 1

10

See the Microsoft article Understanding User Account Control (UAC), and especially the section Standard and Administrator Access Tokens, which fully explains what happens:

Standard and Administrator Access Tokens

  1. When an administrator logs on, the user is assigned two separate access tokens:
    • a full administrator access token and a
    • standard user access token.
  2. The full administrator access token is not invoked until the user attempts to perform an administrative task.
    • In other words, if you log on as a member of the local administrators group, you will run with your administrative privileges disabled until you attempt to run an application or task that has been marked to require administrative privileges. When UAC is enabled, local administrator accounts run as standard user accounts until elevation is required.
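The two tokens described above can be observed directly. The following PowerShell script is an added example, not part of the answer or of Microsoft's article: run it once from a normal PowerShell window and once from a window started with "Run as Administrator". It assumes Windows PowerShell 5.1 or PowerShell 7 on Windows, and the temporary file path is an arbitrary choice. The user name is the same in both windows; only the token differs, and the file the elevated process creates is still owned by the logged-on user, which is what the question observed.

```powershell
# Added example: compare the filtered standard user token with the full
# administrator token that UAC issues to the same logon session.

$identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [System.Security.Principal.WindowsPrincipal]$identity
$adminRole = [System.Security.Principal.WindowsBuiltInRole]::Administrator

# Same account in both windows: elevation does not switch users.
"User:     $($identity.Name)"

# In the filtered token the Administrators group is present but marked
# "deny only", so IsInRole() returns False; in the full token it returns True.
"Elevated: $($principal.IsInRole($adminRole))"

# The well-known SID S-1-5-32-544 is BUILTIN\Administrators. It appears in the
# group list of both tokens; what differs is its attribute.
$adminSid = [System.Security.Principal.SecurityIdentifier]'S-1-5-32-544'
if ($identity.Groups -contains $adminSid) {
    "Administrators group SID is present in this token"
}

# whoami shows the attribute: "Group used for deny only" in the standard
# token, "Mandatory group, Enabled group, ..." in the full administrator token.
whoami /groups | Select-String 'BUILTIN\\Administrators'

# A file created by the elevated process is still owned by the logged-on user,
# because the owner is taken from the token, which belongs to that user.
$path = Join-Path $env:TEMP 'uac-owner-demo.txt'   # constructed path for the demo
Set-Content -Path $path -Value 'constructed test file'
"Owner:    $((Get-Acl -Path $path).Owner)"
Remove-Item -Path $path
```

The `whoami /groups` line is the most direct view of the mechanism: the group that would grant administrative rights is listed in the standard token only for deny ACEs, which is why a non-elevated PowerShell cannot install a service even though the account is an administrator.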