
Securely invoking commands with admin rights under Windows

I need to punctually invoke commands (net share, netsh ...) requiring admin rights from a software launched by a user account.

Under a Unix variant, I would install alongside my user mode software a small, cautiously written script bearing a suid bit and which would invoke the needed command(s).

What is the equivalent best practice under Microsoft Windows? I would especially be interested in a Vista friendly, but XP compatible solution.

One method could be to have a service that runs with administrative privileges. Then from your application, tell the service to invoke those commands. I'm assuming that you do not want the user to be required to know administrative credentials.

As BobbyShaftoe says, the canonical way to solve this problem in Windows is via a service, since services by default execute under the LocalSystem account. Any other method is going to need to log on as an admin user, which would require credentials.

The additional bit of information that you'd need for Vista is that the client application would need to talk to the service via some form of IPC that can cross session boundaries, since on Vista the console and services are in different sessions. The normal IPC method used in this case is a named pipe.

The same solution will work fine in XP.
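
Added example (not part of the answers above and not code from any of the posters): because the service described above runs whatever it builds as LocalSystem, the request it reads from the pipe should carry only a verb and validated arguments, never command text. The verbs `share-add` and `share-del`, the one-line request format and `SHARE_DIR` are assumptions made for this example; pipe creation, pipe ACLs and process launch are left out.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical fixed directory: the client never supplies a path. */
#define SHARE_DIR "C:\\ProgramData\\ExampleApp\\Shared"
/* Accept only 1..32 characters from [A-Za-z0-9_-]. */
static int valid_share_name(const char *s)
{
    size_t n = strlen(s);
    if (n == 0 || n > 32)
        return 0;
    for (size_t i = 0; i < n; i++)
        if (!isalnum((unsigned char)s[i]) && s[i] != '_' && s[i] != '-')
            return 0;
    return 1;
}

/* Map one request line read from the pipe ("<verb> <name>") to the command
 * line the service will run. Returns 0 on success, -1 if the request is
 * rejected. The client selects a verb and a name, never command text. */
int build_command(const char *request, char *out, size_t outlen)
{
    char verb[16], name[34], extra[2];
    int n;
    /* Exactly two tokens; a 33-char name is read whole so it fails the length check. */
    if (sscanf(request, "%15s %33s %1s", verb, name, extra) != 2 ||
        !valid_share_name(name))
        return -1;
    if (strcmp(verb, "share-add") == 0)
        n = snprintf(out, outlen, "net share %s=\"%s\"", name, SHARE_DIR);
    else if (strcmp(verb, "share-del") == 0)
        n = snprintf(out, outlen, "net share %s /delete", name);
    else
        return -1;                                  /* unknown verb */
    return (n > 0 && (size_t)n < outlen) ? 0 : -1;  /* reject truncation */
}

int main(void)
{
    /* Constructed sample requests, as a client might write them to the pipe. */
    const char *samples[] = { "share-add reports", "share-del reports",
                              "share-add x&calc", "run cmd.exe" };
    char cmd[256];
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-18s -> %s\n", samples[i],
               build_command(samples[i], cmd, sizeof cmd) == 0 ? cmd : "(rejected)");
    return 0;
}
```
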

You can use the WinAPI functions LogonUser and CreateProcessAsUser to programmatically start a new process with different access rights.

For your scenario I would write a batch script with the required net commands, and if needed create a new cmd.exe process that gets the script name as a parameter.

This solution requires you to store the credentials used in LogonUser in your application somehow, so there might be security risks.

