Process privileges elevation on runtime with Win7 UAC?
-
Hi, I have a manifest with "asInvoker" privileges, the application will then run under a non-privileged token and no UAC dialog pops up at start. But there is one functionality where the application needs higher privileges later, right now this API call fails with
ERROR_ACCESS_DENIED. I would like to change the application so that only for this functionality the UAC dialog pops up.... elevate process privileges for a short time. Apparently you have to create a new process, then perform administrative tasks and return to your first process (MSDN, Stackoverflow). I am new to UAC, there isn't any simpler way? Cheers :) -
Hi, I have a manifest with "asInvoker" privileges, the application will then run under a non-privileged token and no UAC dialog pops up at start. But there is one functionality where the application needs higher privileges later, right now this API call fails with
ERROR_ACCESS_DENIED. I would like to change the application so that only for this functionality the UAC dialog pops up.... elevate process privileges for a short time. Apparently you have to create a new process, then perform administrative tasks and return to your first process (MSDN, Stackoverflow). I am new to UAC, there isn't any simpler way? Cheers :) -
Hi, I have a manifest with "asInvoker" privileges, the application will then run under a non-privileged token and no UAC dialog pops up at start. But there is one functionality where the application needs higher privileges later, right now this API call fails with
ERROR_ACCESS_DENIED. I would like to change the application so that only for this functionality the UAC dialog pops up.... elevate process privileges for a short time. Apparently you have to create a new process, then perform administrative tasks and return to your first process (MSDN, Stackoverflow). I am new to UAC, there isn't any simpler way? Cheers :)The execution privilege is associated with a process token. This is the reason why the manifest property is ignored if given to a DLL. So you will either need to run the first process entirely with admin privileges or use a second program like you said.
«_Superman_»
I love work. It gives me something to do between weekends. -
Hi, I have a manifest with "asInvoker" privileges, the application will then run under a non-privileged token and no UAC dialog pops up at start. But there is one functionality where the application needs higher privileges later, right now this API call fails with
ERROR_ACCESS_DENIED. I would like to change the application so that only for this functionality the UAC dialog pops up.... elevate process privileges for a short time. Apparently you have to create a new process, then perform administrative tasks and return to your first process (MSDN, Stackoverflow). I am new to UAC, there isn't any simpler way? Cheers :)It is very comfortable, to let an app run "asInvoker" :) However, it needs a service helper (started by SYSTEM) for the admin calls... Not before (only there) you can call, for example,
::AdjustTokenPrivileges(..):)virtual void BeHappy() = 0; -
Moak wrote:
I am new to UAC, there isn't any simpler way?
AFAIK, no; not unless you want to run the entire app with admin privileges.
L u n a t i c F r i n g e
Thanks everyone for their feedback! :)
-
It is very comfortable, to let an app run "asInvoker" :) However, it needs a service helper (started by SYSTEM) for the admin calls... Not before (only there) you can call, for example,
::AdjustTokenPrivileges(..):)virtual void BeHappy() = 0;I haven't coded my test program yet, from what I read creating another process with
ShellExecuteExand "runas" should do the runtime elevation. Can I ask, what for would I useAdjustTokenPrivileges()in an elevated process?