Hello Everyone, It is not possible for built-in Administrator to run Store Apps since no split token is available. This setting: User Account Control: Use Admin Approval Mode for the built-in Administrator account > Disabled Admin has full access this way (regardless of "User Account Control: Run all administrators in Admin Approval Mode" setting). But Store Apps won't run. Does anyone know a workaround without affecting that setting? In another forum, the following advice was given. Something to this affect. PS: Please do not post about how compromised security is going to be. This is my choice.
Another idea would be: For Store Apps, right click "Run As User"... so that we can run as another user apart from Administrator. Does not look possible so far.
More testing: User Account Control: Use Admin Approval Mode for the built-in Administrator account > ENABLED: Apps start Elevated CMD: taskkill /im:explorer.exe /f Elevated CMD: explorer.exe Apps won't start.
Progress: Make a shortcut to explorer. I already have this in my Quick Launch: Target: %windir%\explorer.exe /n, e/,Z:\ Choose Properties > Advanced > Run as Administrator Then: Code: subinacl /keyreg HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{CDCBCFCA-3CDC-436f-A4E2-0E02075250C2} /setowner=builtin\administrators subinacl /keyreg HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{CDCBCFCA-3CDC-436f-A4E2-0E02075250C2} /grant=builtin\administrators=F reg delete HKLM\SOFTWARE\Classes\AppID\{CDCBCFCA-3CDC-436f-A4E2-0E02075250C2} /f /v RunAs reg add HKLM\SOFTWARE\Classes\AppID\{CDCBCFCA-3CDC-436f-A4E2-0E02075250C2} /v LoadUserSettings /t REG_DWORD /d 1 subinacl /keyreg HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{CDCBCFCA-3CDC-436f-A4E2-0E02075250C2} /grant=builtin\administrators=R subinacl /keyreg HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{CDCBCFCA-3CDC-436f-A4E2-0E02075250C2} /setowner="NT SERVICE\TrustedInstaller" User Account Control: Use Admin Approval Mode for the built-in Administrator account > ENABLED Apps start. Enabling Admin Mode Approval is making explorer shell run with MEDIUM integrity. So apps work. With the explorer modification, we are starting new instances of explorer.exe with HIGH integrity. So no restrictions in browsing through the filesystem. Since it explorer is the parent process, any programs started from context menu (WinZip, for example) are also starting with HIGH priviledges. So far this seems to be the best solution I found to keep Store Crap running and also have access to my filesystem without being bugged.
This probably isn't very helpful, but I searched long and hard for a way to do this shortly after Windows 10 Technical Preview was available, and I actually found a TechNet Q&A where a MS rep (maybe just a VIP) posted a very obscure registry entry that allowed the Built-In Administrator to run store apps. It did work, but obviously I've reinstalled a few(lol) times since. I can't for the life of me remember exactly what the registry entry was nor am I able to find it again on TechNet. It was a 3 or 4 letter key in all caps(an acronym of sorts), I believe it started with an M or a W and it was somewhere pretty close to the root of the HKLM\Software\Microsoft key. I want to say that the key was already there, with nothing in it, and I needed to add a value.. In hindsight, the drugs were still worth it!
Does this key sound familiar? HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\UIPI "double click on 'Default' and change the value to 0x00000001(1)"