Launching a non-elevated process from an elevated one...
Is it just me, or is there really no good way to launch a non-elevated process from an elevated one? First I read about the Task Scheduler approach, and now about the Remote Code Injection method. (I'm not trying to attack the author here; the articles themselves are well-written but the method is hackish and unreliable.)

Vista obviously can launch a program using whatever permissions it wants. (Proof: There exists a first non-elevated program on the system.) And launching a program as a non-elevated user seems to be just a matter of messing with the process's security descriptors, etc. So why are the only methods (that I've seen) so hack-ish?

The Task Scheduler approach relies on the Task Scheduler service being started. If it's disabled, you're out of luck, your program crashes, etc. A Bad Thing.

The remote code injection approach relies on message hooks being injected into other processes. While that is unlikely to change due to the massive amount of compatibility problems that would ensue, it still could. Today's processors are fast enough where the performance impact of a context switch would not be as terrible as it was in 1994.

It would be interesting if Raymond Chen blogged about this. It's not in his area of expertise, but those who read his blog know he'd have some strong words to say about these approaches...

Anyone know?

Michael