How to determine whether Application Manager has elevated a process

Version 1

    Introduction

    In certain scenarios you may have configured Application Manager to elevate a particular process, but it may not be immediately obvious whether the elevation has applied.

    Detail

    As an example, say you have configured notepad.exe to be elevated for standard users (non-administrators) using the out-of-the-box "builtin elevate" policy.

    To determine whether the elevation is applying successfully:

    1. Log in as a standard user (who is not a member of the built-in Administrators group) and launch notepad.exe.

    2. With notepad still running, launch Sysinternals Process Explorer (https://technet.microsoft.com/en-us/sysinternals/processexplorer.aspx) and locate notepad.exe.

    3. Right-click on notepad.exe and select 'Properties'.

    4. From here go to the 'Security' tab to review the token associated with the process.

    5. You should see the 'BUILTIN\Administrators' group listed here.
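
The same token check can be scripted instead of read from the Process Explorer Security tab. The PowerShell below is an added example, not part of the original article and not vendor code; the helper name Test-ProcessAdminGroup is hypothetical. It assumes the session running it is permitted to open the target process and query its token (for example, an administrator console).

```powershell
# Added example, not vendor code. P/Invoke declarations for reading another process's token.
Add-Type -Namespace Win32 -Name TokenApi -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true)]
public static extern IntPtr OpenProcess(uint access, bool inherit, int pid);
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool OpenProcessToken(IntPtr process, uint access, out IntPtr token);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool CloseHandle(IntPtr handle);
'@

# Hypothetical helper name. Returns $true when BUILTIN\Administrators is enabled in the token.
function Test-ProcessAdminGroup {
    param([Parameter(Mandatory = $true)][int]$ProcessId)

    $adminSid = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators
    $hToken   = [IntPtr]::Zero
    # 0x1000 = PROCESS_QUERY_LIMITED_INFORMATION
    $hProcess = [Win32.TokenApi]::OpenProcess(0x1000, $false, $ProcessId)
    if ($hProcess -eq [IntPtr]::Zero) {
        throw "OpenProcess failed for PID $ProcessId"
    }
    try {
        # 0x0008 = TOKEN_QUERY
        if (-not [Win32.TokenApi]::OpenProcessToken($hProcess, 0x0008, [ref]$hToken)) {
            throw "OpenProcessToken failed for PID $ProcessId"
        }
        $identity = New-Object System.Security.Principal.WindowsIdentity($hToken)
        try {
            # WindowsIdentity.Groups lists only enabled groups; deny-only entries are left out.
            return ($identity.Groups.Value -contains $adminSid)
        } finally {
            $identity.Dispose()
        }
    } finally {
        if ($hToken -ne [IntPtr]::Zero) { [void][Win32.TokenApi]::CloseHandle($hToken) }
        [void][Win32.TokenApi]::CloseHandle($hProcess)
    }
}

# Report every running notepad.exe, as in the walkthrough above.
Get-Process -Name notepad | ForEach-Object {
    [pscustomobject]@{
        Id                    = $_.Id
        Name                  = $_.ProcessName
        AdministratorsEnabled = Test-ProcessAdminGroup -ProcessId $_.Id
    }
}
```

A value of True in AdministratorsEnabled corresponds to seeing 'BUILTIN\Administrators' on the Security tab for that process; False means the group is absent from the token or present only as deny-only.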