Getting console2 to work nicely with UAC

I would like to get console2 to work nicely with UAC.

Particular problems I would like to tackle:

  • If I start non-elevated, have a way to elevate while running. It'd be especially nice if I could elevate individual tabs.
  • I would like to get different coloring for admin/non-admin, similar to: this link. Basically, if I can get the console to execute a command on startup (similar to the HKLM\Software\Microsoft\Command Processor\AutoRun registry value), that's all I need.

How do I get this working? Would I have to modify source code to get this to work, or can I use different tab settings/do hacks w/ shell executables?

I am using Windows 7, although I would imagine any working solution would also work on Vista.


Solution 1:

Do you want to try ConEmu? I'm an author of this console emulator. You may run selected tabs elevated, or under specified credentials. And you may specify different palette for elevated consoles (or specified applications).

New tab parameters

Solution 2:

I solved part of it.

> I would like to get different coloring for admin/non-admin

For some reason, bcdedit.exe is not showing up in the system32 directory when running within Console2 (Not sure why?). So, I had to find another command instead of using the one I found at the link in my question. I found another "do-nothing" command that would allow me to differentiate between admin/non-admin, that is visible in Console2.

In Console2, I set the shell option to:

%ComSpec% /k secedit /validate %ComSpec:cmd.exe=%ieuinit.inf >nul 2>nul && (color FC && title ADMIN) || (color 07 && title NONADMIN)

As far as this question...

> If I start non-elevated, have a way to elevate while running. It'd be especially nice if I could elevate individual tabs

There are already a planned feature and related feature requests.

You can't work around this at this point. You can't start the app as LUA, and simply elevate specific prompts, because Console2 can't subsume applications w/ higher level access. It will only work the other way around. I think it would require the program to run elevated, but start via a non-elevated process, so it can shim in and start a non-elevated process. This is sometimes called a bootstrap.

I have tried PsExec, and it didn't work quite right. It stripped some admin rights out, but was still using an elevated token.

Basically, it won't be possible to get both elevated and LUA consoles in tabs of the same Console2 session, without a source change. But you can simply click the taskbar icon or shortcut with Ctrl + Shift + Click to launch as admin in a separate session.

Edit: I found that if you're using ansicon along with a command line tool that outputs color (like git), then this will be slightly broken. Try this command instead:

%ComSpec:cmd.exe=%secedit.exe /validate %ComSpec:cmd.exe=%ieuinit.inf >nul 2>nul && (color FC && title ADMIN) || (color && title NONADMIN)

If you're in admin mode, the red color will override the colors the command outputs, but there isn't an easy way to fix this. However, I find that you shouldn't be doing a lot of work in admin mode anyhow. Hence UAC and hence the special colors we're adding.
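
The following startup script is an added example, not part of either answer or of Console2. It replaces the "does this admin-only command succeed" probe with a direct check of the token's mandatory integrity level, and keeps the same colors and titles used above. The file name and path are hypothetical, and it assumes whoami.exe and findstr.exe are available (Windows Vista and later).

```batch
@echo off
rem Added example. Save as e.g. uac-color.cmd (hypothetical name) and set the
rem Console2 shell option to:
rem     %ComSpec% /k "C:\path\to\uac-color.cmd"
rem
rem "whoami /groups" lists the integrity label carried by the current token:
rem     S-1-16-8192   Medium  - standard user, or an admin's filtered UAC token
rem     S-1-16-12288  High    - elevated administrator
rem     S-1-16-16384  System
rem An elevated console is one whose token is High or above.

set "LEVEL=NONADMIN"
whoami /groups | findstr /c:"S-1-16-12288" /c:"S-1-16-16384" >nul 2>&1 && set "LEVEL=ADMIN"

rem "color" with no argument restores the colors cmd.exe started with, which
rem leaves ANSI-colored tool output alone in the non-elevated case.
if "%LEVEL%"=="ADMIN" (
    color FC
    title ADMIN
) else (
    color
    title NONADMIN
)

rem Do not leave the helper variable behind in the interactive session.
set "LEVEL="
```

Because the check reads the token rather than relying on a file under system32, it behaves the same whichever system32 directory the hosting console sees.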