Google Search [MDB-Blog]


Wednesday, January 2, 2013

NSIS - Launch a program as user from UAC elevated installer

NSIS - Launch a program as user from UAC elevated installer

I noticed that if a program is running as UAC elevated (admin or high user privileges), 
any opening process by this process will get the same privileges as the executing program,
which means, that any process opened by this UAC elevated program will be elevated also.

I found a solution for it, for opening the process UN-ELEVATED from ELEVATED running program.
I show this information as for NSIS installer, but can be used in ANY development environment (C#, NSIS, C++, JAVA, VB, and any).

The idea is to run the process in UN-ELEVATED mode, using windows's file explorer process `explorer.exe` (info).
Lets say the process that we want to launch is on `$TEMP\MyUnElevatedProcess.exe`.
So, for NSIS code, I will just write:

Exec '"$WINDIR\explorer.exe" "$TEMP\MyUnElevatedProcess.exe"'

And this will do the work...
The process `MyUnElevatedProcess.exe` will run with same ELEVATION that have your windows login, as have `$WINDIR\explorer.exe`.

Execute with parameters:
In addition, if the UN-ELEVATED process need to executed with parameters, you will need to create another file that executes the UN-ELEVATED process (for example a BATCH file which just run the process with the command line parameters).
a good example can be:
; assuming that the file `MyUnElevatedProcess.exe` exists on `$TEMP\`

; create shortcut with ARGUMENTS
CreateShortCut "$TEMP\Shortcut.lnk" "$TEMP\MyUnElevatedProcess.exe" "/arg1 /arg2 /arg3"

; execute the file NON elevated
Exec '"$WINDIR\explorer.exe" "$TEMP\Shortcut.lnk"'

if your main program (the executing), is not ELEVATED, this logic is not relevant, because then you can just run `Exec` (open-process function in NSIS) which will have the same elevation as your process.

I hope it helps,


  1. It works. Thank you very, very much.

  2. This is a fantastic technique that many were unaware of. Thanks for sharing it! One caveat though: If you run "Explorer.exe YourApp.exe" on Windows XP, there will be two Authenticode security prompts shown before the application loads.

  3. Unfortunately, the Windows Shell team has replied that the current behavior of "Explorer.exe AppName.exe" is a bug and may not work in future updates/versions of Windows. Applications should not rely upon it.

  4. Any chance to get this working together with the MUI_FINISHPAGE_RUN macro?

    1. To answer my own question:

      !define MUI_FINISHPAGE_RUN "$WINDIR\explorer.exe"
      !define MUI_FINISHPAGE_RUN_PARAMETERS "$TEMP\MyUnElevatedProcess.exe"

      worked for me.

    2. To embedd your parameters inside quotes (if they contain blanks), use the



      !define MUI_FINISHPAGE_RUN_PARAMETERS '$\"$TEMP\MyUnElevatedProcess.exe$\"'