In a perfect world, all programs should be running without asking local admin privileges. And then all users can be a regular standard user without any local admin rights. But in the real world, however, we still need to deal with applications that constantly ask for local admin rights.
LUA Buglight, a utility from Microsoft for identifying admin-permission issues, released a version 2.3 that supports for both Windows 8.1 and Windows 10. It’s a tool that helps you troubleshoot this very problem and identify the specific reasons that a particular application works only when running with elevated rights.
It’s a portable tool that doesn’t require additional installation or DLL files. But it does need to be run under a member of the local admin group with UAC enabled.
Double-click the executable file to run it without elevation, specify the executable of the application to test, and click Start.
Then run the program and test all functionals within the application. And click the Stop Logging button when done testing. An LUA Buglight Report window pops up showing issues found during the test.
Behind the scene,
LUA Buglight runs the target program with standard-user rights. When it detects an API failing with “access denied” or “privilege not held”, it impersonates the user’s admin/elevated token (obtained when it prompted for UAC elevation) and repeats the operation before returning control back to the program. If the API call failed with standard user rights and succeeded with administrative rights, LUA Buglight logs details about the API call, including all parameters of interest and the call stack.
Frankly, for some reason, I didn’t know such a tool existed until recently. So I hope it will help you down the road.