Possibility to run Store Apps with Built-In Administrator Account

Discussion in 'Windows 10' started by countingcrows, Nov 30, 2016.

  1. countingcrows

    Hello Everyone,

    It is not possible for built-in Administrator to run Store Apps since no split token is available.

    This setting:
    User Account Control: Use Admin Approval Mode for the built-in Administrator account > Disabled

    Admin has full access this way (regardless of "User Account Control: Run all administrators in Admin Approval Mode" setting).

    But Store Apps won't run.

    Does anyone know a workaround without affecting that setting?

    In another forum, the following advice was given. Something to this effect.



    PS: Please do not post about how compromised security is going to be. This is my choice.
     
  2. countingcrows

    Another idea would be:

    For Store Apps, right click "Run As User"... so that we can run as another user apart from Administrator. Does not look possible so far.
     
  3. countingcrows

    More testing:

    User Account Control: Use Admin Approval Mode for the built-in Administrator account > ENABLED: Apps start

    Elevated CMD: taskkill /im:explorer.exe /f
    Elevated CMD: explorer.exe

    Apps won't start.
     
  4. countingcrows

    #4 countingcrows, Nov 30, 2016
    Last edited by a moderator: Apr 20, 2017
    (OP)
    Progress:

    Make a shortcut to explorer. I already have this in my Quick Launch:
    Target: %windir%\explorer.exe /n,/e,Z:\

    Choose Properties > Advanced > Run as Administrator

    Then:

    Code:
    subinacl /keyreg HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{CDCBCFCA-3CDC-436f-A4E2-0E02075250C2} /setowner=builtin\administrators
    subinacl /keyreg HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{CDCBCFCA-3CDC-436f-A4E2-0E02075250C2} /grant=builtin\administrators=F
    reg delete HKLM\SOFTWARE\Classes\AppID\{CDCBCFCA-3CDC-436f-A4E2-0E02075250C2} /f /v RunAs
    reg add HKLM\SOFTWARE\Classes\AppID\{CDCBCFCA-3CDC-436f-A4E2-0E02075250C2} /v LoadUserSettings /t REG_DWORD /d 1
    subinacl /keyreg HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{CDCBCFCA-3CDC-436f-A4E2-0E02075250C2} /grant=builtin\administrators=R
    subinacl /keyreg HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{CDCBCFCA-3CDC-436f-A4E2-0E02075250C2} /setowner="NT SERVICE\TrustedInstaller"
    
    User Account Control: Use Admin Approval Mode for the built-in Administrator account > ENABLED

    Apps start.

    Enabling Admin Mode Approval is making explorer shell run with MEDIUM integrity. So apps work.

    With the explorer modification, we are starting new instances of explorer.exe with HIGH integrity. So no restrictions in browsing through the filesystem.
    Since explorer is the parent process, any programs started from the context menu (WinZip, for example) are also starting with HIGH privileges.

    So far this seems to be the best solution I found to keep Store Crap running and also have access to my filesystem without being bugged.
     
  5. biorpg

    This probably isn't very helpful, but I searched long and hard for a way to do this shortly after Windows 10 Technical Preview was available, and I actually found a TechNet Q&A where an MS rep (maybe just a VIP) posted a very obscure registry entry that allowed the Built-In Administrator to run store apps. It did work, but obviously I've reinstalled a few (lol) times since. I can't for the life of me remember exactly what the registry entry was, nor am I able to find it again on TechNet.

    It was a 3 or 4 letter key in all caps (an acronym of sorts), I believe it started with an M or a W and it was somewhere pretty close to the root of the HKLM\Software\Microsoft key. I want to say that the key was already there, with nothing in it, and I needed to add a value.

    In hindsight, the drugs were still worth it! :eek:
     
  6. dmex

    Does this key sound familiar?

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\UIPI

    "double click on 'Default' and change the value to 0x00000001(1)"
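
A read-only audit of the settings discussed in this thread, added here as an example and not posted by any participant. It reports the two UAC policy values, the state of the AppID key edited in post #4, the UIPI key from post #6, and the integrity label of the current process. Assumptions: `FilterAdministratorToken` and `EnableLUA` are the registry values behind the two "User Account Control" policies named in post #1, and `whoami` prints English group names.

```powershell
# Added example: read-only check, changes nothing. Run from the session you want to inspect.
$policy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$appId  = 'HKLM:\SOFTWARE\Classes\AppID\{CDCBCFCA-3CDC-436f-A4E2-0E02075250C2}'
$uipi   = Join-Path $policy 'UIPI'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value is absent; '' selects the (Default) value.
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($key) { $key.GetValue($Name) }
}

# Integrity label of this process, taken from the token's group list.
$label = (whoami /groups | Select-String 'Mandatory Label\\(\w+) Mandatory Level').Matches |
    ForEach-Object { $_.Groups[1].Value } | Select-Object -First 1

$report = [ordered]@{
    FilterAdministratorToken = Get-RegValue $policy 'FilterAdministratorToken'
    EnableLUA                = Get-RegValue $policy 'EnableLUA'
    AppIdRunAs               = Get-RegValue $appId 'RunAs'
    AppIdLoadUserSettings    = Get-RegValue $appId 'LoadUserSettings'
    AppIdKeyOwner            = (Get-Acl -LiteralPath $appId -ErrorAction SilentlyContinue).Owner
    UipiDefault              = Get-RegValue $uipi ''
    ProcessIntegrity         = $label
}

$notes = @()
if ($report.FilterAdministratorToken -ne 1) {
    $notes += 'Admin Approval Mode is off for the built-in Administrator (no split token).'
}
if ($null -eq $report.AppIdRunAs) {
    $notes += 'RunAs is absent from the AppID key, as after the "reg delete" in post #4.'
}
if ($report.AppIdLoadUserSettings -eq 1) {
    $notes += 'LoadUserSettings=1 is set on the AppID key, as after the "reg add" in post #4.'
}
if ($report.AppIdKeyOwner -and $report.AppIdKeyOwner -notmatch 'TrustedInstaller') {
    $notes += "AppID key owner is $($report.AppIdKeyOwner), not TrustedInstaller."
}
if ($null -ne $report.UipiDefault) {
    $notes += "UIPI (Default) value is set to $($report.UipiDefault)."
}

[pscustomobject]$report | Format-List
$notes | ForEach-Object { "NOTE: $_" }
```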