What's the difference between running a program as a domain administrator account and running a program as a "Run as administrator" in Windows 7?

Solution 1:

This is really a matter of learning what the security tokens are on Windows these days, but I'll copy/paste an answer from SO found here: https://stackoverflow.com/questions/8986971/what-precisely-does-run-as-administrator-do since it isn't possible to close as dupe cross-site.

When you log on Windows creates an access token. This identifies you, the groups you are a member of and your privileges. And note that whether a user is an administrator or not is determined by whether the user is a member of the Administrators group.

Without UAC, when you run a program it gets a copy of the access token, and this controls what the program can access.

With UAC, when you run a program it gets a restricted access token. The is the original access token with "Administrators" removed from the list of groups (and some other changes). Even though your user is a member of the Administrators group, the program can't use Administrator privileges.

When you select "Run as Administrator" and your user is an administrator the program is launched with the original unrestricted access token. If your user is not an administrator you are prompted for an administrator account, and the program is run under that account.

Credit to: arx

See here for more reading:

How User Account Control Works

User Account Control Documentation