diff --git a/src/main/core/manager.ts b/src/main/core/manager.ts
index e062bf0..2aa99c8 100644
--- a/src/main/core/manager.ts
+++ b/src/main/core/manager.ts
@@ -290,13 +290,7 @@ export async function checkTunPermissions(): Promise<boolean> {
 
   try {
     if (process.platform === 'win32') {
-      const execPromise = promisify(exec)
-      try {
-        await execPromise('net session')
-        return true
-      } catch {
-        return false
-      }
+      return await checkAdminPrivileges()
     }
 
     if (process.platform === 'darwin' || process.platform === 'linux') {
@@ -341,12 +335,25 @@ export async function checkAdminPrivileges(): Promise<boolean> {
     return true
   }
 
+  const execPromise = promisify(exec)
+  
   try {
-    const execPromise = promisify(exec)
-    await execPromise('net session')
+    // 首先尝试 fltmc 命令检测管理员权限
+    await execPromise('fltmc')
+    await managerLogger.info('Admin privileges confirmed via fltmc')
     return true
-  } catch {
-    return false
+  } catch (fltmcError) {
+    await managerLogger.info('fltmc failed, trying net session as fallback', fltmcError)
+    
+    try {
+      // 如果 fltmc 失败，尝试 net session 命令作为备用检测方法
+      await execPromise('net session')
+      await managerLogger.info('Admin privileges confirmed via net session')
+      return true
+    } catch (netSessionError) {
+      await managerLogger.info('Both fltmc and net session failed, no admin privileges', netSessionError)
+      return false
+    }
   }
 }
 
@@ -604,6 +611,13 @@ export async function checkAdminRestartForTun(): Promise<void> {
         const hasAdminPrivileges = await checkAdminPrivileges()
         if (hasAdminPrivileges) {
           await patchControledMihomoConfig({ tun: { enable: true }, dns: { enable: true } })
+
+          const { checkAutoRun, enableAutoRun } = await import('../sys/autoRun')
+          const autoRunEnabled = await checkAutoRun()
+          if (autoRunEnabled) {
+            await enableAutoRun()
+          }
+
           await restartCore()
 
           await managerLogger.info('TUN mode auto-enabled after admin restart')
@@ -635,8 +649,16 @@ export async function validateTunPermissionsOnStartup(): Promise<void> {
     const hasPermissions = await checkMihomoCorePermissions()
 
     if (!hasPermissions) {
-      await managerLogger.warn('TUN is enabled but insufficient permissions detected, auto-disabling TUN...')
+      await managerLogger.warn(
+        'TUN is enabled but insufficient permissions detected, prompting user...'
+      )
+      const confirmed = await showTunPermissionDialog()
+      if (confirmed) {
+        await restartAsAdmin()
+        return
+      }
 
+      await managerLogger.warn('User declined admin restart, auto-disabling TUN...')
       await patchControledMihomoConfig({ tun: { enable: false } })
 
       const { mainWindow } = await import('../index')
diff --git a/src/main/sys/autoRun.ts b/src/main/sys/autoRun.ts
index 4c3d55b..654cdd1 100644
--- a/src/main/sys/autoRun.ts
+++ b/src/main/sys/autoRun.ts
@@ -9,7 +9,8 @@ import { managerLogger } from '../utils/logger'
 
 const appName = 'mihomo-party'
 
-function getTaskXml(): string {
+function getTaskXml(asAdmin: boolean): string {
+  const runLevel = asAdmin ? 'HighestAvailable' : 'LeastPrivilege'
   return `<?xml version="1.0" encoding="UTF-16"?>
 <Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
   <Triggers>
@@ -21,7 +22,7 @@ function getTaskXml(): string {
   <Principals>
     <Principal id="Author">
       <LogonType>InteractiveToken</LogonType>
-      <RunLevel>LeastPrivilege</RunLevel>
+      <RunLevel>${runLevel}</RunLevel>
     </Principal>
   </Principals>
   <Settings>
@@ -83,9 +84,9 @@ export async function enableAutoRun(): Promise<void> {
   if (process.platform === 'win32') {
     const execPromise = promisify(exec)
     const taskFilePath = path.join(tmpdir(), `${appName}.xml`)
-    await writeFile(taskFilePath, Buffer.from(`\ufeff${getTaskXml()}`, 'utf-16le'))
     const { checkAdminPrivileges } = await import('../core/manager')
     const isAdmin = await checkAdminPrivileges()
+    await writeFile(taskFilePath, Buffer.from(`\ufeff${getTaskXml(isAdmin)}`, 'utf-16le'))
     if (isAdmin) {
       await execPromise(`%SystemRoot%\\System32\\schtasks.exe /create /tn "${appName}" /xml "${taskFilePath}" /f`)
     } else {
diff --git a/src/renderer/src/components/sider/tun-switcher.tsx b/src/renderer/src/components/sider/tun-switcher.tsx
index 1259dc9..4e95df7 100644
--- a/src/renderer/src/components/sider/tun-switcher.tsx
+++ b/src/renderer/src/components/sider/tun-switcher.tsx
@@ -75,6 +75,9 @@ const TunSwitcher: React.FC<Props> = (props) => {
       }
 
       await patchControledMihomoConfig({ tun: { enable }, dns: { enable: true } })
+      if (enable && appConfig?.silentStart) {
+        await window.electron.ipcRenderer.invoke('enableAutoRun')
+      }
     } else {
       await patchControledMihomoConfig({ tun: { enable } })
     }