jschicht / RunAsTI

Launch processes with TrustedInstaller privilege
MIT License

Not working. A command prompt briefly appears but immediately disappears, for either RunAsTI.exe or RunAsTI64.exe #3

Open regexaurus opened 7 years ago

regexaurus commented 7 years ago

What I see when attempting to run from administrative command prompt:

C:\Users\Administrator\Desktop>RunAsTI64.exe
AdjustTokenPrivileges for SeImpersonateName: Not all privileges or groups referenced are assigned to the caller.

LsaAddAccountRights 0x00000521
Warning: The right was probably not added correctly to your account
Running in session: 1
Success
CreateProcessWithTokenW created new process: 3680

C:\Users\Administrator\Desktop>RunAsTI.exe
AdjustTokenPrivileges for SeImpersonateName: Not all privileges or groups referenced are assigned to the caller.

LsaAddAccountRights 0x00000521
Warning: The right was probably not added correctly to your account
Running in session: 1
Success
CreateProcessWithTokenW created new process: 3912

regexaurus commented 7 years ago

This was tested on Windows 2012 R2 Standard.

joomlafab commented 7 years ago

Hi. Just in case this may help. I have the same problem when I use RunAsTI from a Remote Desktop Connection on Windows 10, but when I connect physically to the machine, RunAsTI works perfectly.

regexaurus commented 7 years ago

That was helpful, thanks! Tried this again today (RDP / mstsc.exe) with the same results--command prompt disappears. If I instead use Hyper-V Manager - Virtual Machine Connection (working with Hyper-V VMs), the command prompt doesn't disappear. I still see this:

AdjustTokenPrivileges for SeImpersonateName: Not all privileges or groups referenced are assigned to the caller.

LsaAddAccountRights 0x00000521
Warning: The right was probably not added correctly to your account
Running in session: 1
Success
CreateProcessWithTokenW created new process

Also, when testing on a Windows 10 machine, Windows Defender flags/quarantines RunAsTI64.exe as Trojan:Win32/Rundas.B. Not exactly confidence inspiring...

Dacpm commented 7 years ago

Any decent antivirus will flag this program as a risk because it is designed to bypass some 'nanny' security features in Windows.

Thank you for the tip to NOT run it in a remote session - running it over RDP fails. I was able to run it on Windows 10 version 1703 and execute commands as TrustedInstaller by logging into the primary session on my machine. This allowed me to modify the registry keys controlling the 'Open Command Window Here' menu option on drives and folders so that I get the options without having to press Shift first. It is ridiculous that Microsoft saw fit to block this option in Windows 10...

Symbai commented 4 years ago

I ran this tool on my local computer and have the same error as @regexaurus

klepp0906 commented 4 years ago

just googled and found this myself. same error ran locally. was just testing it out before i set a path

klepp0906 commented 4 years ago

would this have any effect?

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"LocalAccountTokenFilterPolicy"=dword:00000001

it's required to do remote operations like shutdown etc, unable to test but without someone involved replying, it's the best I got to offer :P

JCBuck commented 4 years ago

> Hi. Just in case this may help. I have the same problem when I use RunAsTI from a Remote Desktop Connection on Windows 10, but when I connect physically to the machine, RunAsTI works perfectly.

A really hacky workaround is to run a script to switch the RDP session to the console session but run the runasti command after.

Use qwinsta to determine the ID for the Active session (typically rdp-tcp#... for sessionname), then, as an example, if the ID was 2, run:

tscon 2 /dest:console && RunAsTi64.exe notepad

Then relogin via RDP and it should have started. (This trick was useful to also start graphical applications requiring a dedicated gpu)
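The session-ID lookup from the workaround above, as an added example that is not part of the thread or of RunAsTI: a Python parser for `qwinsta` output that picks the Active session ID and fills it into the `tscon` command quoted in the comment. The sample output is constructed, and the English column headers and fixed-width layout are assumptions.

```python
def _row(mark, name, user, sid, state):
    # Fixed-width layout: '>' marker, session name, user, right-aligned ID, state.
    return f"{mark}{name:<18}{user:<20}{sid:>7}  {state}"

# Constructed sample output, not captured from a real host.
SAMPLE_QWINSTA = "\n".join([
    _row(" ", "SESSIONNAME", "USERNAME", "ID", "STATE") + "   TYPE        DEVICE",
    _row(" ", "services", "", 0, "Disc"),
    _row(" ", "console", "", 1, "Conn"),
    _row(">", "rdp-tcp#0", "Administrator", 2, "Active"),
    _row(" ", "", "backup op", 3, "Disc"),
    _row(" ", "rdp-tcp", "", 65536, "Listen"),
])

def parse_qwinsta(text):
    """Return one dict per session row, sliced at the header's column offsets."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    header = lines[0]
    user_start = header.index("USERNAME")
    id_end = header.index(" ID") + 3      # the ID column is right-aligned to here
    state_start = header.index("STATE")
    sessions = []
    for ln in lines[1:]:
        user_and_id = ln[user_start:id_end].rsplit(None, 1)
        if not user_and_id or not user_and_id[-1].isdigit():
            continue                       # not a session row
        state = ln[state_start:].split()
        sessions.append({
            "current": ln.startswith(">"),  # '>' marks the session qwinsta ran in
            "name": ln[1:user_start].strip(),
            "user": user_and_id[0].strip() if len(user_and_id) == 2 else "",
            "id": int(user_and_id[-1]),
            "state": state[0] if state else "",
        })
    return sessions

def active_session_id(text):
    """ID of the Active session, preferring the one marked as current."""
    active = sorted((s for s in parse_qwinsta(text) if s["state"] == "Active"),
                    key=lambda s: not s["current"])
    if not active:
        raise LookupError("no Active session in qwinsta output")
    return active[0]["id"]

def console_switch_command(text, program="RunAsTi64.exe notepad"):
    # Same command line as in the comment above, with the ID filled in.
    return f"tscon {active_session_id(text)} /dest:console && {program}"
```

On a live host the text would come from running `qwinsta` in the RDP session; rows with a blank session name or a user name containing spaces are handled by the column slicing.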

CalculonPrime commented 1 year ago

I am getting the same failure as others report (window appears briefly and then goes away) and am NOT running over RDP. I am logged in locally directly to the machine. I also observe that RunX and AdvancedRun, two other tools for becoming TrustedInstaller also fail. So obviously, some setting on my machine is blocking it, but what? Windows 10 22H2.