I liked TW1, but Two Worlds 2 wants to run as administrator.

About 5% of the games I bought from GOG have this very annoying behaviour and I do not play them.
It is a catch-22 situation:
- Software that requires admin rights without good reason is badly-programmed software.
- I will not give admin rights to badly-programmed software (especially on a machine I also use for work).

I found no hints tracing with ProcessMonitor, I suspect this could be a residual from some protection system (which would make the thing twice as bad, because some protection systems can foul up the CD drivers).

Does anyone know of a way to run TW2 as normal user?
Ah finally, I'm not the only one refusing to run games with admin privileges!

I didn't play TW2 yet (despite having bought it years ago lol), not because of such a privilege problem, but because I had other things to do, so I won't give you TW2-specific hints here, but considering I've always been able to run games as non admin, I'm rather confident there's a solution here.

I don't know precisely why you can't run TW2 as non admin, I guess either it doesn't run properly or you immediately get a UAC elevation prompt, but in either case there's one solution that almost always works, that is applying the RUNASINVOKER application compatibility layer.

Doing this is fairly simple, start the registry editor, navigate to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers

Then create a new string value (REG_SZ) here, whose name should be the full path to the executable, the string data being, or containing, RUNASINVOKER. I see you have other GOG games installed, so you will very likely find many other entries here already, referring to the HIGHDPIAWARE compatibility layer (GOG seems to have an OCD with this). It is likely that the TW2 entry is there already, but you can have two or more space-separated layers applied to a single executable.

If you want the change to apply to the current user instead of all users, you can refer to the following registry key instead, which requires only the current user's rights to be modified:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers

The RUNASINVOKER compatibility layer does two things, 1) it overrides the requested execution level in the executable manifest (that can be set to asAdmin, hence the admin prompt), and 2) it activates UAC virtualisation for the executable, which means that whenever the program tries to write to the program files directory or a few others and doesn't have the rights to do so (which is normal), the write is still accepted but redirected transparently to a user-specific location. That often solves programs not running properly or crashing as non admin.

In case you only want to remove the admin prompt and not activate UAC virtualisation, you should edit the executable manifest with tools such as CFF Explorer and change the requested execution level to "asInvoker".

If the game is installed in a non-standard location, such as D:\Program Files (x86) instead of C:\Program Files (x86), the non-standard location isn't managed by UAC virtualisation hence no matter if it's activated or not, any write attempts there with no filesystem privileges will result in an access refused error. However, that location can be registered, so if it's your case tell me, and I will tell you how to.
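The registry edit described in this post, as an added PowerShell example that is not part of the original post: it lists existing layer entries and merges RUNASINVOKER into the per-user entry without dropping layers already set, such as HIGHDPIAWARE. The function names are hypothetical; the executable path is the one quoted later in the thread.

```powershell
$LayersSubKey = 'Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers'

function Get-CompatLayer {
    # Audit: every executable with a compatibility layer, machine-wide and per-user.
    foreach ($hive in 'HKLM', 'HKCU') {
        $key = Get-Item -LiteralPath "${hive}:\$LayersSubKey" -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{ Hive = $hive; Executable = $name; Layers = $key.GetValue($name) }
        }
    }
}

function Add-UserCompatLayer {
    param(
        [Parameter(Mandatory)] [string] $ExePath,   # value name = full path to the executable
        [string] $Layer = 'RUNASINVOKER'
    )
    $keyName  = "HKEY_CURRENT_USER\$LayersSubKey"
    # GetValue returns $null when the key is missing and '' when the value is missing.
    $existing = [Microsoft.Win32.Registry]::GetValue($keyName, $ExePath, '')
    # Layers are space-separated; keep every existing token (including a leading "~").
    $tokens = @("$existing" -split '\s+' | Where-Object { $_ })
    if ($tokens -notcontains $Layer) {
        $tokens += $Layer
        # SetValue creates the Layers key if it does not exist yet.
        [Microsoft.Win32.Registry]::SetValue($keyName, $ExePath, ($tokens -join ' '), 'String')
    }
    $tokens -join ' '
}

# Apply to the game executable, then review which entries change the elevation behaviour.
Add-UserCompatLayer -ExePath 'D:\G\Two Worlds II Velvet Edition\TwoWorlds2.exe'
Get-CompatLayer | Where-Object { $_.Layers -match 'RUNAS(INVOKER|ADMIN)' }
```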
> NovHak: I didn't play TW2 yet (despite having bought it years ago lol), not because of such a privilege problem, but because I had other things to do, so I won't give you TW2-specific hints here, but considering I've always been able to run games as non admin, I'm rather confident there's a solution here.
NovHak, a thousand thanks! The game now starts as normal user :-)
> NovHak: I don't know precisely why you can't run TW2 as non admin, I guess either it doesn't run properly or you immediately get a UAC elevation prompt, but in either case there's one solution that almost always works, that is applying the RUNASINVOKER application compatibility layer.
Yes, I got a UAC elevation prompt. I admit I'm not too knowledgeable about the internals of Windows: I didn't know of RUNASINVOKER, so I did some reading. I actually did this to try out your solution:

D:\G\Two Worlds II Velvet Edition>set __COMPAT_LAYER=RunAsInvoker
D:\G\Two Worlds II Velvet Edition>TwoWorlds2.exe
> NovHak: The RUNASINVOKER compatibility layer does two things, 1) it overrides the requested execution level in the executable manifest (that can be set to asAdmin, hence the admin prompt), and 2) it activates UAC virtualisation for the executable, which means that whenever the program tries to write to the program files directory or a few others and doesn't have the rights to do so (which is normal), the write is still accepted but redirected transparently to a user-specific location. That often solves programs not running properly or crashing as non admin.
> In case you only want to remove the admin prompt and not activate UAC virtualisation, you should edit the executable manifest with tools such as CFF Explorer and change the requested execution level to "asInvoker".
Thanks for the very useful information. You guessed right: I like to understand what's going on :-)
Also thanks for the hint about CFF Explorer. Interesting tools are always welcome.
> NovHak: If the game is installed in a non-standard location, such as D:\Program Files (x86) instead of C:\Program Files (x86), the non-standard location isn't managed by UAC virtualisation hence no matter if it's activated or not, any write attempts there with no filesystem privileges will result in an access refused error. However, that location can be registered, so if it's your case tell me, and I will tell you how to.
I install games in D:\G\ but I have given my user full permissions there.
I know this is not an ideal situation from a security standpoint, so I am interested in how to register a location to activate virtualization there (e.g. for save files for some older games). A pointer will be enough, you already did a lot to help me both play more games and learn something new :-)
I'm glad to help!

Eventually I learned something from your post, since I didn't know it was possible to apply compatibility layers through environment variables...

Regarding the registration of new UAC virtualisation places I can't send you pointers here, since I discovered it in an O'Reilly book some time ago, didn't see the info anywhere else and confirmed it somehow through hex dumping of the UAC virtualisation filesystem filter driver, luafv.sys. That's the problem with closed systems, information can be difficult to find sometimes...

But back to the point, to register a new directory, you have to modify the registry. In my case, I wanted to register D:\Program Files (x86), that's what I did:

----- COPY AFTER THIS LINE-----
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\luafv\Parameters\FileList\Device]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\luafv\Parameters\FileList\Device\HarddiskVolume2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\luafv\Parameters\FileList\Device\HarddiskVolume2\Program Files]
"Exclude"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\luafv\Parameters\FileList\Device\HarddiskVolume2\Program Files (x86)]
"Exclude"=dword:00000000

----- COPY UP TO BEFORE THIS LINE ---

This is an export of my personal registry settings, I hope it's clear enough. You will notice two directories have been added eventually: D:\Program Files (x86) and D:\Program Files, make changes as you wish.

But before this, you have to determine another piece of information about the volume pointed by the drive letter D on your system, that's called the physical device object name. In my case it's HarddiskVolume2, but it can be different for you, since it's unrelated to the drive letter. For this purpose, you can use the filter manager command line tool, fltmc.

Start an admin command prompt, then type:

fltmc volumes

You should get something similar to this:

Nom DOS                        Nom du volume                           Sys. fich. Statut
------------------------------ --------------------------------------- ---------- --------
                               \Device\Mup                             Remote
C:                             \Device\HarddiskVolume6                 NTFS
D:                             \Device\HarddiskVolume2                 NTFS
                               \Device\HarddiskVolume3                 NTFS
                               \Device\NamedPipe                       NamedPipe
                               \Device\Mailslot                        Mailslot
                               \Device\HarddiskVolume4                 FAT

On my system you can see that C: corresponds to \Device\HarddiskVolume6, and D: to \Device\HarddiskVolume2. Check the output on your system, and make changes accordingly. Then, reboot your system. Not shutdown-power on, reboot. That's because of the fast startup feature of Windows (appeared with Windows 7, enabled by default but can be disabled), when the system is shut down, before it's powered off, system processes don't really exit, their state is just saved on disk and restored when powered back on. Anyway... once the system is rebooted, you should be fine.

One last thing, in the not-so-unlikely case you have a 64-bit system, the RUNASINVOKER compatibility layer won't activate UAC virtualisation on 64 bit executables. That's because UAC virtualisation was originally designed to mitigate problems with old software trying to write to places where it was permitted at the old times of Windows 98/Me and before. 64-bit software is deemed new so should not need this MS thought, but truth is some developers still develop as if the Win98 security model was current (fortunately this is becoming rare nowadays).

However, it's still possible to activate UAC virtualisation, but to my current knowledge it has to be made by hand each time the program is started, from the task manager. In the details tab you can right-click on the process and choose "User account control virtualisation". But the problem is you have to start the process for it to appear in the task manager, and it may already have tried to write to forbidden places and got access refused errors, in which case you may come too late. Fear not, there's a solution for this, you should apply what is called a "non blocking apphelp message" to the executable, this can be done with Microsoft's Application Compatibility Toolkit, that's part of Microsoft's Assessment and Deployment Kit (ADK) for Windows 8.1.

With a nonblocking apphelp message attached, when you try to run the program, the process is created and visible in the task manager, but it's in a suspended state and a popup appears. Then you can activate UAC virtualisation, and choose to continue running the program from the popup message.

Well, that's a fine wall of text here, but that's it finally!
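The drive-letter lookup and registry file from this post, as an added PowerShell example that is not part of the original post: it parses `fltmc volumes` output by row shape, so localized column headers do not matter, and builds the .reg text for one top-level directory. The function names are hypothetical, the sample listing is constructed from the one in the post, and the luafv key layout is taken from the post as given.

```powershell
# Constructed sample: part of the `fltmc volumes` listing from the post (French headers).
$sample = @'
Nom DOS                        Nom du volume                           Sys. fich. Statut
------------------------------ --------------------------------------- ---------- --------
                               \Device\Mup                             Remote
C:                             \Device\HarddiskVolume6                 NTFS
D:                             \Device\HarddiskVolume2                 NTFS
                               \Device\HarddiskVolume3                 NTFS
'@ -split "`r?`n"

function ConvertFrom-FltmcVolume {
    param([string[]] $Line)
    foreach ($l in $Line) {
        # Optional drive letter, then the \Device\... name, then the file system column.
        if ($l -match '^\s*(?<dos>[A-Za-z]:)?\s*(?<dev>\\Device\\\S+)\s+(?<fs>\S+)') {
            [pscustomobject]@{
                DosName    = $Matches['dos']   # $null for volumes without a drive letter
                Device     = $Matches['dev']
                FileSystem = $Matches['fs']
            }
        }
    }
}

function New-LuafvRegText {
    param([object[]] $Volume, [string] $Directory)
    # Assumption: only top-level directories, the only case the post shows.
    if ($Directory -notmatch '^(?<drive>[A-Za-z]:)\\(?<rel>[^\\]+)\\?$') {
        throw "Expected a top-level directory such as 'D:\Program Files (x86)'."
    }
    $drive, $rel = $Matches['drive'], $Matches['rel']
    $vol = $Volume | Where-Object { $_.DosName -eq $drive } | Select-Object -First 1
    if (-not $vol) { throw "Drive $drive is not in the fltmc listing." }
    # '\Device\HarddiskVolume2' becomes the 'Device\HarddiskVolume2' part of the key path.
    $key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\luafv\Parameters\FileList\' +
           $vol.Device.TrimStart('\') + '\' + $rel
    @('Windows Registry Editor Version 5.00', '', "[$key]", '"Exclude"=dword:00000000', '') -join "`r`n"
}

# Live use: pass (fltmc volumes) from an elevated prompt instead of $sample.
$volumes = ConvertFrom-FltmcVolume -Line $sample
New-LuafvRegText -Volume $volumes -Directory 'D:\Program Files (x86)'
```

The script only prints the .reg text; review it against the export in the post before importing it.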
Thanks again for all the useful information!
(I also did not know about fltmc and the apphelp trick).
Running Win10x64, version 1511 (build 10586.14), and neither TW2 Velvet Edition nor TW1 Epic Edition requires admin mode to run--of course, I'm running both from an Admin account.