2 Replies Latest reply on Feb 5, 2019 7:11 AM by leventk

    Specified file run as Admin rights

    leventk Rookie

      I need to give permission to standard users to open one text file with runas admin rights. How to do it?

      If a standard user opens the specified file, notepad.exe must take admin rights so the user can save.

      This file is the c:\Windows\System32\drivers\etc\hosts file, under the Windows folder.

        • 1. Re: Specified file run as Admin rights
          randyb1 SupportEmployee

          leventk I've had some difficulty with this one.

           

          The first problem is that even if you have admin rights, you still can't edit the file.  By default, the hosts file is set to read-only, hidden, and system.  So before you can edit the file, the attributes must be changed by an administrator with the following command:

          attrib c:\windows\system32\drivers\etc\hosts -r -s -h

           

          Then, you must elevate the editor you wish to use.  In my lab, I can't seem to get notepad.exe to elevate for my test account.  Not sure why, and I didn't have a lot of time to troubleshoot.  I was, however, able to elevate Notepad++.exe.  But this brings us to the next challenge.  If you elevate the application, the application is now elevated for editing ANY system files.  A partial workaround for this is to add "c:\windows\system32\drivers\etc\hosts" as an argument to the rule, so it looks like this:

           

           

          But, this doesn't work if you just double-click on the file.  You must run from the Run box or command prompt with the following:

          %ProgramW6432%\Notepad++\notepad++.exe c:\windows\system32\drivers\etc\hosts

           

          Then Notepad++ will launch with admin privileges.  However, now the user can still open other system files.  So there's really no way to completely avoid that problem.

           

          The problem here is that you want to grant admin privileges to a FILE, not a PROCESS, which isn't what AC is meant for.  Ultimately, that's a permission, not a privilege.  You'd be better off changing the attributes and granting specific permissions to the file.
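
The file-permission approach recommended at the end of the reply above, as an added PowerShell example that is not part of the original thread. The group name `CONTOSO\HostsEditors` and the backup file location are placeholder assumptions, and `Invoke-Native` is a hypothetical helper defined in the block.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session.
# Assumptions: $Group is a placeholder for a dedicated local or domain group;
# $Backup is a hypothetical location for the saved ACL.
$Group  = 'CONTOSO\HostsEditors'
$Path   = "$env:SystemRoot\System32\drivers\etc\hosts"
$Backup = "$env:TEMP\hosts.acl"

# Hypothetical helper: run a native tool and stop on a non-zero exit code.
function Invoke-Native {
    param([string]$Exe, [string[]]$Arguments)
    & $Exe @Arguments
    if ($LASTEXITCODE -ne 0) { throw "$Exe failed with exit code $LASTEXITCODE" }
}

# Save the current ACL first so the change can be reverted later
# (icacls <containing folder> /restore <backup file>).
Invoke-Native icacls.exe @($Path, '/save', $Backup)

# Clear read-only, system and hidden, as in the attrib step from the reply.
Invoke-Native attrib.exe @('-r', '-s', '-h', $Path)

# Grant Modify on this one file to the dedicated group only.
# No process is elevated, so no other system file becomes writable.
Invoke-Native icacls.exe @($Path, '/grant', "${Group}:(M)")

# Audit: list every principal that is allowed to write to the file now.
$write   = [System.Security.AccessControl.FileSystemRights]::WriteData
$writers = (Get-Acl -LiteralPath $Path).Access |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        (($_.FileSystemRights -band $write) -eq $write)
    } |
    Select-Object IdentityReference, FileSystemRights, IsInherited
$writers | Format-Table -AutoSize

# Flag broad principals that would make the dedicated group pointless.
# These are the English names; localized Windows builds use other strings.
$broad = 'BUILTIN\Users', 'Everyone', 'NT AUTHORITY\Authenticated Users'
$writers |
    Where-Object { $broad -contains $_.IdentityReference.Value } |
    ForEach-Object { Write-Warning "Broad write access: $($_.IdentityReference)" }
```

Members of the group can then save the file from an unelevated editor. Anyone in that group controls name resolution for every user of the machine, so keep its membership small.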

          • 2. Re: Specified file run as Admin rights
            leventk Rookie

            Thank you for the response. I will try it on our test environment.