Hard_Configurator in the present form (ver. 4.0.0.0), works well as an admin tool when started from the Administrator type of account.
Furthermore, all Hard_Configurator settings required to configure any Standard User Account, can be set from Administrator Account (except OneDrive issue).
It is possible to start Hard_Configurator from SUA, but then some issues are visible (reported by the testers):
1. Whitelisting OneDrive on SUA is possible via <Add File>, <Add Folder>, <Add Path *Wildcards> buttons, but is not possible via OneDrive <Add> button.
2. The option <Refresh Explorer> available for Windows 10, does not work properly on SUA. After killing all instances of Explorer, the refreshed Explorer process is running on Admin Account instead of SUA. So, the user on SUA cannot access the Explorer shell (Desktop is not visible), and has to run Explorer manually via Task Manager.
.
The above issues are related to the fact that any application started from SUA with Administrative Rights, is running on Administrator Account. It is not obvious to the user because Windows makes some magic with shared Desktop and the application window is available on SUA while application processes are running on Administrator Account. The magic works for most programs, but not for the Explorer shell.
.
The OneDrive issue can be easily fixed, because the whitelisted path is written to HKLM registry hive (system-wide).
The <Refresh Explorer> issue could be also solved by asking the user for the SUA password. But, I do not like this solution for the privacy reasons. Personally, I do not like applications which are asking for account credentials. I am thinking about keeping <Refresh Explorer> option when only one user is logged to the system (Administrator type of account). In other cases, the <Refresh Explorer> option will be skipped.
It is also possible, to move the <Refresh Explorer> option to SwitchDefaultDeny tool.
