Does task manager run as administrator by default on Windows 10?
Does task manager run as administrator by default on Windows 10?
Only if it is being run from an administrator account. Ben N's answer below has a great explanation of how this is actually implemented.
If I had run task manager as an administrator, would it have still given me this "Access is Denied" message?
Yes. There are plenty of processes that even an administrator is not permitted to end. Furthermore, trying to end a non-existent task also produces this error message.
If the reason you had got the "Access is Denied" message was due to Task Manager not running as Administrator, you would get this very explicit message telling you so:
Furthermore, is there any difference between running it as administrator or not?
Yes, but you'd have to run it from a non-administrator account to see it.
Incidentally, all the above behaviours are exactly the same as in Windows 8/8.1.
The existing answer is very good. I'll provide some technical details, for those that like such things.
Taskmgr.exe (in \Windows\System32) is the program that is run when you call for Task Manager. Inspecting it with a hex editor, I discovered that its manifest sets requestedExecutionLevel to highestAvailable. This means that if you are running as a local admin, Task Manager will require you to elevate. You can easily demonstrate this by setting UAC to the highest level and pressing Ctrl+Shift+Esc to launch Task Manager, noting that it produces an elevation prompt. If UAC is not at the highest level, Task Manager can silently elevate because it's an integral Windows component. In short, yes, Task Manager runs as admin by default when possible.
highestAvailable (as opposed to requireAdministrator) allows non-admins to run the program without being asked to elevate, but they of course won't be able to do anything administrative from it.
A quick-and-dirty way to see if a program is running elevated is to enable the UAC virtualization column in the Details tab of Task Manager. If and only if a process's entry in that column is Not allowed, then it is elevated. (Administrative processes cannot be compatibility-redirected.) You could also check whether it has the powerful privileges (e.g. SeSecurityPrivilege) using Sysinternals Process Explorer.
In response to your question about still being denied access to some processes, Windows has a concept of protected processes that absolutely cannot be touched from user mode, not even by processes running as SYSTEM; the protection is enforced by the kernel. Only essential system services get this kind of guarding. One such process is csrss.
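The manifest inspection described in the answer above can be scripted instead of done by eye in a hex editor. The following is an added example, not part of either answer: it scans a binary's bytes for an embedded application manifest and reports its requestedExecutionLevel. The function names and the SAMPLE bytes are constructed for illustration, and it assumes the manifest is stored as plain text inside the file.

```python
import re
import sys
import xml.etree.ElementTree as ET

# Matches an embedded application manifest, with or without a namespace prefix.
MANIFEST_RE = re.compile(rb"<(?:\w+:)?assembly\b.*?</(?:\w+:)?assembly>", re.DOTALL)

# UAC meaning of each standard requestedExecutionLevel value.
LEVELS = {
    "asInvoker": "runs with the caller's token, never prompts",
    "highestAvailable": "admins are elevated, standard users run unelevated without a prompt",
    "requireAdministrator": "always requires elevation",
}

def requested_execution_level(blob: bytes):
    """Return (level, uiAccess) from the first manifest that declares one, else None."""
    for match in MANIFEST_RE.finditer(blob):
        try:
            root = ET.fromstring(match.group(0))
        except ET.ParseError:
            continue  # damaged or truncated manifest text; keep scanning
        for elem in root.iter():
            # Compare on the local name so any asm.v2/asm.v3 namespace is accepted.
            if elem.tag.rsplit("}", 1)[-1] == "requestedExecutionLevel":
                return elem.get("level"), elem.get("uiAccess", "false")
    return None

def describe(blob: bytes) -> str:
    found = requested_execution_level(blob)
    if found is None:
        return "no requestedExecutionLevel found"
    level, ui_access = found
    return f"{level} (uiAccess={ui_access}): {LEVELS.get(level, 'unrecognised level')}"

# Constructed sample: padding bytes around a manifest, standing in for a real binary.
SAMPLE = (b"MZ" + b"\x00" * 64 + b'''<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security><requestedPrivileges>
      <requestedExecutionLevel level="highestAvailable" uiAccess="false"/>
    </requestedPrivileges></security>
  </trustInfo>
</assembly>''' + b"\x00" * 16)

if __name__ == "__main__":
    # Pass a path to a binary as the first argument, or run with none to use SAMPLE.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    print(describe(data))
```

The manifest only states what the program asks for; whether a given running instance is actually elevated still has to be checked on the process itself, as the answer describes.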