As system administrators, we frequently encounter situations where we need to browse directories where standard users lack read permissions. The User Account Control (UAC) mechanism in Windows creates an interesting paradox:
- When accessing protected directories as admin, we get the "You don't currently have permissions" dialog
- Clicking "Continue" modifies ACLs - which is often undesirable
- Command-line alternatives (dir, tree, icacls) become cumbersome for complex directory structures
Several approaches have been attempted with limited success:
# UNC path attempt (doesn't work locally)
explorer.exe \\localhost\c$\protected_folder
# RunAs administrator (launches separate session)
runas /user:Administrator "explorer.exe /separate"
The fundamental issue is that Windows prevents elevation of Explorer instances through normal means due to security constraints in the ShellExecute API.
Here are three actionable solutions that preserve system integrity:
1. Shortcut Method (Temporary Elevation)
Create a shortcut with these properties:
Target: %windir%\System32\cmd.exe /c start explorer.exe
Start in: %windir%
Shortcut key: None
Run: Run as administrator
2. Scheduled Task Approach
Create a task with elevated privileges:
schtasks /create /tn "ElevatedExplorer" /sc onlogon /tr "explorer.exe" /rl highest
3. PowerShell Elevation Script
Save this as Launch-ElevatedExplorer.ps1:
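$launched = Get-Date
Start-Process -FilePath "explorer.exe" -Verb RunAs -ArgumentList "/separate"
# Wait up to 10 seconds for an explorer.exe process started after the launch.
# A process started with -Verb RunAs runs as the approving administrator, not SYSTEM, so a user-name match on "SYSTEM" never succeeds.
$deadline = $launched.AddSeconds(10)
while ((Get-Date) -lt $deadline -and -not (Get-Process explorer -ErrorAction SilentlyContinue | Where-Object { $_.StartTime -ge $launched })) {
    Start-Sleep -Milliseconds 500
}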
For environments where registry modification is allowed:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\*\shell\runas]
@="Open as Administrator"
"HasLUAShield"=""

[HKEY_CLASSES_ROOT\*\shell\runas\command]
@="cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F && pause"
Before implementing any elevated access solution:
- Audit the security implications for your specific environment
- Consider creating time-limited elevation tokens
- Log all elevated access attempts through Windows Event Log
Remember that persistent elevation solutions should only be implemented in controlled admin environments, not on multi-user systems.
As system administrators or power users, we frequently encounter situations where Windows Explorer refuses to display directory contents due to permission restrictions. The User Account Control (UAC) mechanism in Windows intentionally strips administrative privileges from Explorer sessions, creating a frustrating gap between our permissions and our ability to browse protected directories.
The conventional workarounds present significant drawbacks:
- ACL Modification: Temporarily changing folder permissions pollutes the security configuration and leaves audit trails
- Command Line Alternatives: While tools like dir /s or PowerShell's Get-ChildItem work, they lack Explorer's visual interface and navigation efficiency
Here are three enterprise-friendly approaches; the first two don't require registry modifications:
Method 1: Scheduled Task Workaround
Create a scheduled task that launches Explorer elevated:
schtasks /create /tn "ElevatedExplorer" /tr "explorer.exe" /sc onlogon /rl highest /f
Then execute it when needed:
schtasks /run /tn "ElevatedExplorer"
Method 2: PowerShell Launcher
Create a PowerShell script (ElevatedExplorer.ps1):
Start-Process -FilePath "explorer.exe" -Verb RunAs -ArgumentList "shell:AppsFolder\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy!App"
This launches Explorer with full admin privileges while maintaining the standard interface.
Method 3: Context Menu Integration
For a more seamless experience, add a right-click option:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Directory\shell\runasexplorer]
@="Open as Elevated Explorer"

[HKEY_CLASSES_ROOT\Directory\shell\runasexplorer\command]
@="powershell -windowstyle hidden -command \"Start-Process explorer.exe -Verb RunAs -ArgumentList '%1'\""
For system administrators managing multiple machines, consider these scalable solutions:
- Deploy a Group Policy Preference to create the scheduled task across the domain
- Package the PowerShell script as a deployed application via SCCM or Intune
- Create a custom MMC snap-in that incorporates elevated file browsing capabilities
While these methods solve the immediate problem, remember that:
- Elevated Explorer sessions increase security risks if left running
- Audit all elevated access to sensitive directories
- Consider implementing Just-In-Time (JIT) elevation for critical systems
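To support the audit points above, the following PowerShell function inventories the elevation artifacts that the methods on this page leave behind: scheduled tasks that start explorer.exe at the highest run level, and the two context-menu verbs from the .reg snippets. It is an added example, not part of the original article; the function name Get-ElevatedExplorerArtifact is hypothetical, and it assumes the ScheduledTasks module (Windows 8 / Server 2012 and later).

```powershell
# Added example: report elevation artifacts created by the methods on this page.
# The function name is hypothetical; registry paths are the ones shown in the page's .reg snippets.
function Get-ElevatedExplorerArtifact {
    [CmdletBinding()]
    param()

    # Scheduled tasks that start explorer.exe with the "Highest" run level,
    # which is what `schtasks ... /rl highest` produces.
    foreach ($task in (Get-ScheduledTask -ErrorAction SilentlyContinue)) {
        if ($task.Principal.RunLevel -ne 'Highest') { continue }

        # COM-handler actions have no Execute property; they simply do not match.
        $hits = $task.Actions | Where-Object { $_.Execute -match 'explorer(\.exe)?"?\s*$' }
        if ($hits) {
            [pscustomobject]@{
                Kind   = 'ScheduledTask'
                Path   = $task.TaskPath + $task.TaskName
                Detail = "$($hits.Execute) $($hits.Arguments)".Trim()
            }
        }
    }

    # Context-menu verbs added by the two registry snippets.
    # -LiteralPath is required: the '*' in HKEY_CLASSES_ROOT\* would otherwise
    # be expanded as a wildcard by the registry provider.
    $verbKeys = @(
        'Registry::HKEY_CLASSES_ROOT\*\shell\runas',
        'Registry::HKEY_CLASSES_ROOT\Directory\shell\runasexplorer'
    )
    foreach ($key in $verbKeys) {
        $commandKey = "$key\command"
        if (Test-Path -LiteralPath $commandKey) {
            [pscustomobject]@{
                Kind   = 'ShellVerb'
                Path   = $key
                Detail = (Get-ItemProperty -LiteralPath $commandKey).'(default)'
            }
        }
    }
}

# Print the findings; an empty result means none of the artifacts are present.
Get-ElevatedExplorerArtifact | Format-Table -AutoSize -Wrap
```

Run it on a schedule or as part of a baseline check; any row on a multi-user system is a candidate for removal.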