Run Explorer as TI

Discussion in 'Scripting' started by Thomas Dubreuil, Nov 9, 2018.

  1. Thomas Dubreuil

    Thomas Dubreuil MDL Member

    #1 Thomas Dubreuil, Nov 9, 2018
    Last edited: Jan 9, 2019
    I made a (small) script to run Explorer as Trusted Installer.

    What the script does:
    It will delete 'CreateExplorerShellUnelevatedTask' if present (this task is created when you try to "elevate" Explorer).
    It will rename the "RunAs" value to "_RunAs_" under the HKEY_CLASSES_ROOT\AppID\{CDCBCFCA-3CDC-436f-A4E2-0E02075250C2} registry key (with NSudo's help). This value also prevents Explorer elevation.
    It will launch an Explorer window as Trusted Installer (with NSudo), and finally set the registry key back to its default value ("RunAs").

    Credits to: @Mouri_Naruto for Nsudo and @abbodi1406 for the Nsudo script part/idea.
    Warning: USE CAREFULLY, as you will be able to delete protected files and folders.

    -App: I made a small .exe application out of it, with Nsudo embedded: It will extract Nsudo to the script folder, then delete it after the command is executed.

    Code:
    File : RunExplorerShellAsTrustedInstaller.zip
    updated : https://forums.mydigitallife.net/threads/run-explorer-as-ti.78329/#post-1494455
    
    -Script (Note you have to have Nsudo next to the script) :
    Code:
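    @echo off
    
    rem If not already running as SYSTEM (S-1-5-18), relaunch this script through NSudo
    rem (-U:T = TrustedInstaller, -P:E = all privileges enabled) and exit this instance.
    %windir%\system32\whoami.exe /USER | find /i "S-1-5-18" 1>nul && (
    goto :OK
    ) || (
    "%~dp0NSudo.exe" -U:T -P:E -ShowWindowMode:Hide "%~dpnx0"&exit /b >NUL 2>&1
    )
    
    :OK
    rem Remove the task that is created when you try to elevate Explorer.
    schtasks /Delete /TN "CreateExplorerShellUnelevatedTask" /f >NUL 2>&1
    
    rem Rename "RunAs" to "_RunAs_" (delete + add) so it no longer blocks elevation.
    Reg.exe delete "HKCR\AppID\{CDCBCFCA-3CDC-436f-A4E2-0E02075250C2}" /v "RunAs" /f >NUL 2>&1
    Reg.exe add "HKCR\AppID\{CDCBCFCA-3CDC-436f-A4E2-0E02075250C2}" /v "_RunAs_" /t REG_SZ /d "Interactive User" /f >NUL 2>&1
    
    rem Open the Explorer window in the current (TrustedInstaller) context.
    explorer.exe /root,
    
    rem Wait 3 seconds, then put the value back under its default name "RunAs".
    TIMEOUT /T 3 /nobreak >NUL 2>&1
    Reg.exe delete "HKCR\AppID\{CDCBCFCA-3CDC-436f-A4E2-0E02075250C2}" /v "_RunAs_" /f >NUL 2>&1
    Reg.exe add "HKCR\AppID\{CDCBCFCA-3CDC-436f-A4E2-0E02075250C2}" /v "RunAs" /t REG_SZ /d "Interactive User" /f >NUL 2>&1
    exit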
    
    -And another one asking for confirmation before running, followed by a warning:

    Code:
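    @echo off
    
    rem If not already running as SYSTEM (S-1-5-18), relaunch this script through NSudo
    rem with a visible window, so the confirmation prompt below can be seen.
    %windir%\system32\whoami.exe /USER | find /i "S-1-5-18" 1>nul && (
    goto :OK
    ) || (
    "%~dp0NSudo.exe" -U:T -P:E "%~dpnx0"&exit /b >NUL 2>&1
    )
    
    :OK
    rem Remove the task that is created when you try to elevate Explorer.
    schtasks /Delete /TN "CreateExplorerShellUnelevatedTask" /f >NUL 2>&1
    
    rem Confirmation: close the window here to abort before the registry is touched.
    echo Are you sure you want to run Explorer as Trusted Installer ?
    @pause
    echo Please use carefully!!
    
    rem Rename "RunAs" to "_RunAs_" (delete + add) so it no longer blocks elevation.
    Reg.exe delete "HKCR\AppID\{CDCBCFCA-3CDC-436f-A4E2-0E02075250C2}" /v "RunAs" /f >NUL 2>&1
    Reg.exe add "HKCR\AppID\{CDCBCFCA-3CDC-436f-A4E2-0E02075250C2}" /v "_RunAs_" /t REG_SZ /d "Interactive User" /f >NUL 2>&1
    
    explorer.exe /root,
    
    rem Wait 3 seconds, then put the value back under its default name "RunAs".
    TIMEOUT /T 3 /nobreak >NUL 2>&1
    Reg.exe delete "HKCR\AppID\{CDCBCFCA-3CDC-436f-A4E2-0E02075250C2}" /v "_RunAs_" /f >NUL 2>&1
    Reg.exe add "HKCR\AppID\{CDCBCFCA-3CDC-436f-A4E2-0E02075250C2}" /v "RunAs" /t REG_SZ /d "Interactive User" /f >NUL 2>&1
    exit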
    

    -10/12/2018 v1.7 : Added line to delete "CreateExplorerShellUnelevatedTask" if present.

    -13/12/2018 v2.0 : New "multi-size" icon, now displays well at all sizes.

    Added transparent .png icons, together with CheckUpdates.visualelementsmanifest.xml,
    which add the ability to display a custom transparent tile on your start menu panel, as well as custom background colour for this tile.

    You can edit the .xml file to change tile background color (only accepts hex colour value, no colour name), or change text "color" displayed on big tile (only accepts "dark" or "light" values).
    You can also edit the .png folder, or change with custom ones if you like...

    To reset the tile (and see the changes made on your start screen), enter this code in PowerShell:
    Code:
    (ls "$env:programdata\Microsoft\Windows\Start Menu\Programs\YOURLINKPATH\YOURLINKNAME.lnk").lastwritetime = get-date
    or if your link is in the "other" start menu :
    Code:
    (ls "$env:appdata\Microsoft\Windows\Start Menu\Programs\YOURLINKPATH\YOURLINKNAME.lnk").lastwritetime = get-date
    * Replace 'YOURLINKPATH' and 'YOURLINKNAME' with your own, of course...
     
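A read-only PowerShell check of the state the script in post #1 changes, added here as an example that is not part of the thread or of NSudo: it reports whether "RunAs" is back at "Interactive User", whether a leftover "_RunAs_" value remains (for instance if the script was closed during its 3-second wait), whether the scheduled task exists, and whether any explorer.exe is running as S-1-5-18. The function and property names are this example's own, and an elevated prompt is assumed so that process owners can be read.

```powershell
# Added example, not from the thread. Read-only; assumes an elevated PowerShell prompt.
$AppIdKey = 'Registry::HKEY_CLASSES_ROOT\AppID\{CDCBCFCA-3CDC-436f-A4E2-0E02075250C2}'
$TaskName = 'CreateExplorerShellUnelevatedTask'

function Get-ExplorerTiState {
    # RegistryKey.GetValue returns $null when a value is absent, so a missing value is not an error.
    $key     = Get-Item -LiteralPath $AppIdKey -ErrorAction SilentlyContinue
    $runAs   = if ($key) { $key.GetValue('RunAs') }
    $renamed = if ($key) { $key.GetValue('_RunAs_') }

    $task = Get-ScheduledTask -TaskName $TaskName -ErrorAction SilentlyContinue

    # The script's own whoami test relies on an NSudo -U:T process reporting S-1-5-18,
    # so an explorer.exe owned by that SID was started in a SYSTEM-level context.
    $systemPids = @(
        Get-CimInstance -ClassName Win32_Process -Filter "Name='explorer.exe'" |
            Where-Object {
                $owner = Invoke-CimMethod -InputObject $_ -MethodName GetOwnerSid -ErrorAction SilentlyContinue
                $owner.Sid -eq 'S-1-5-18'
            } |
            Select-Object -ExpandProperty ProcessId
    )

    [pscustomobject]@{
        RunAsValue            = $runAs
        RunAsRestored         = ($runAs -eq 'Interactive User')   # the data the script writes back
        LeftoverRenamedValue  = ($null -ne $renamed)
        UnelevatedTaskPresent = ($null -ne $task)
        ExplorerPidsAsSystem  = $systemPids
    }
}

$state = Get-ExplorerTiState
$state | Format-List

if ($state.LeftoverRenamedValue -or -not $state.RunAsRestored) {
    Write-Warning 'RunAs is not "Interactive User": the restore step at the end of the script did not complete.'
}
if ($state.ExplorerPidsAsSystem.Count -gt 0) {
    Write-Warning ('explorer.exe running as S-1-5-18, PID(s): ' + ($state.ExplorerPidsAsSystem -join ', '))
}
```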
  2. abbodi1406

    abbodi1406 MDL KB0000001

    BTW, this is better
    Code:
    "%~dp0NSudo.exe" -U:T -P:E "%~dpnx0"&exit /b
    instead of
    Code:
    "%~dp0NSudo.exe" -U:T -P:E "%~dpnx0"
    goto :eof
     
  3. Thomas Dubreuil

    Thomas Dubreuil MDL Member

    Thanks! post edited :cool:
     
  4. MonarchX

    MonarchX MDL Expert

    Awesome! It would be nice if we could just get our freedom and run all of Windows 10 with TI permissions.

    BTW, if, aside from the actual explorer, it allows to launch apps with even greater freedom than NSudo, then can it be integrated into right-click context menu?

    NSudo, through context menu after (NSudo.exe -install), is NOT as permission-allowing as right-clicking on NSudo.exe, selecting Run as Administrator, and then using NSudo.exe. I can't figure out why and NSudo developer linked me to this thread. I'm, again, trying to figure out why..? I simply wanted NSudo.exe to be as powerful permission-wise through right-click context menu as it is through "right-click & Run as Admin" method.

    It's also kind of weird because on my system UAC is disabled, so "As Admin" is kind of worthless, yet again. NSudo is weaker through context menu...
     
  5. l33tissw00t

    l33tissw00t MDL Addicted

    Thank you, this worked perfectly.
     
  6. Thomas Dubreuil

    Thomas Dubreuil MDL Member

    #6 Thomas Dubreuil, Dec 27, 2018
    Last edited: Dec 27, 2018
    (OP)
    lol...that would be way too dangerous for regular (and even more experienced) users...

    It actually uses NSudo to launch explorer as TI...so any application you will launch through this "explorer shell" will have TI privileges...quite simple, not different in any way to NSudo...

    It is because NSudo -install DOESN'T parse the right command to registry...I reported that in the NSudo thread. That's also why I made a simple NSudo installer, which adds the right commands to commandstore + the ability to install anywhere you like: it will add "install path" to environment variables path (windir is already in environment variable path so no need)

    you're pretty confused and confusing :D
     
  7. chblock

    chblock MDL Member

    Pretty much the same as running around a Unix system as root, something you try to avoid. Though there are times where you need that kind of access. Difference is you can simply sudo to root on Unix then exit back, not something readily built into Windows which can be annoying.
     
  8. Thomas Dubreuil

    Thomas Dubreuil MDL Member

    With the difference that average linux users usually have more "computer skills" than average windows users...
     
  9. sebus

    sebus MDL Guru

    That was XP & god, that was an awful way of doing things!
     
  10. Thomas Dubreuil

    Thomas Dubreuil MDL Member

    Code:
    File : RunExplorerShellAsTrustedInstaller.exe
    Last Update: v.3 - 01/01/2019
    SHA1: BD1C521590019DC28A929290F091F2EAE4D12828
    https://s.put.re/iajFk6Ty.exe
    V.3 note: Now uses NSudoC (launches faster)
     