Does Sandman.exe handle admin elevation differently since v1.14.3?

[e-t-l]

Describe what you noticed and did

After updating SBIE+ from v1.13.7 to v1.14.3, any time I try to edit a sandbox I get an error about admin privileges, and I need to relaunch Sandboxie as Admin. I did not have to do that before, which means that previously, either 1) Sandboxie was not requiring admin permission at all, or 2) Sandboxie was launching as administrator automatically at boot.

(I commented about this in the Discussions > Announcements thread for the v1.14.3 release but never got a response.)

How often did you encounter it so far?

Every time I attempt to edit a config in SBIE+

Expected behavior

The configuration change can be applied/saved without throwing an error and requiring a restart of SBIE+.

Affected program

Not relevant

Download link

Not relevant

Where is the program located?

Not relevant to my request.

Did the program or any related process close unexpectedly?

No, not at all.

Crash dump

No response

What version of Sandboxie are you running now?

1.14.3 64-bit

Is it a new installation of Sandboxie?

I just updated Sandboxie from a previous version (I remember which one it is).

Is it a regression from previous versions?

The issue was introduced in v1.13.7 64-bit

In which sandbox type you have this problem?

Not relevant to my request.

Can you reproduce this problem on a new empty sandbox?

Not relevant to my request.

What is your Windows edition and version?

Windows 11 Enterprise 23H2 64-bit

In which Windows account you have this problem?

A local account (Administrator).

Please mention any installed security software

Avast One

Did you previously enable some security policy settings outside Sandboxie?

No.

Trace log

No response

Sandboxie.ini configuration

[GlobalSettings]
Template=WindowsRasMan
Template=OfficeClickToRun
Template=OfficeLicensing
Template=WindowsLive
Template=WindowsDefender
ForceDisableSeconds=600000
PreferExternalManifest=msedge.exe,y
PreferExternalManifest=Spotify.exe,y
Template=Chrome_KB5027231_fix
Template=Avast_Antivirus
Template=Edge_Fix
OpenClsid={D713F357-7920-4B91-9EB6-49054709EC7A}
DisableWinNtHook=CreateEnclave
DisableWinNtHook=LoadEnclaveData
DisableWinNtHook=InitializeEnclave
DisableWinNtHook=CallEnclave
DefaultBox=DefaultBox
FileRootPath=\??\%SystemDrive%\Sandbox\%USER%\%SANDBOX%
KeyRootPath=\REGISTRY\USER\Sandbox_%USER%_%SANDBOX%
IpcRootPath=\Sandbox\%USER%\%SANDBOX%\Session_%SESSION%
SandboxieLogon=y
EditAdminOnly=y
ForceDisableAdminOnly=y
ExternalManifestHack=msedge.exe,y
NoRestartOnPCA=y
ApproveWinNtSysCall=LoadKeyEx
FakeAdminRights=explorer.exe,n

[e-t-l]

Followup: I notice that in my Windows Task Manager (in the Details tab), there are two instances of "Sandman.exe" running: the first says "C:\Program Files\Sandboxie-Plus\SandMan.exe" -autorun in the "Command Line" column and it is NOT running elevated; the second says just "C:\Program Files\Sandboxie-Plus\SandMan.exe" under "Command Line" and it IS running elevated. So it seems that for some reason, although I am using an administrator account and installed SBIE+ as Admin, SBIE+ is not starting elevated when it runs automatically. (I do have EditAdminOnly=y in my global config, because that seems like a basic security measure to have in place.)

What is the most straightforward way to make Sandboxie+ autorun with elevation so that I don't have to restart Sandman.exe every time I want to make a small config change?

[offhub]

Admin bug fixed in version 1.14.4.

[offhub]

What is the most straightforward way to make Sandboxie+ autorun with elevation so that I don't have to restart Sandman.exe every time I want to make a small config change?

Task Scheduler?

[DavidXanatos]

Should I add such a task scheduler workaround as an option to the UI?

[e-t-l]

Should I add such a task scheduler workaround as an option to the UI?

@DavidXanatos I think like Offhub said it was actually a bug specific to 1.14.3 that was fixed in 1.14.4, because after running the 1.14.4 installer again it looks like SBIE is starting properly elevated. So I don't think a UI tweak is necessary, although if you've already added it in I don't think it would hurt.