stackoom
  简体   繁体   中英

Run ui application with admin rights from service in current user's context

 原文  2018-06-08 12:41:12       c#/ .net/ windows-services/ uac

Question

I want to create a service. This service will do some diagnostics on current logon user's session. For example invoke some WMI commands. as you know when you connect to WMI as service you cannot see items ( for example printers or something else ) specific to user's session

So I started my research and I came up with CreateProcessAsUser() (because I don't know current user's password this seemed to me like it will do the job).

I have succefully got active session id and got token from session and duplicated session and called process as currently logon user. But the problem is when i call another exe its called without elevated rights. I'm stucked at this point.

My questions:

  1. is it possible to call another exe as user but with admin rights ?

  2. Is this correct and modern approach to this problem? I mean I read some people suggest to create 2 components. One is some simple application which will run at user's context other is service. This service and small application will communicate.

  3. If i choose to go with 2, is it possible to start this small application on user's context with admin rights from the service?

EDIT:

I think i got close but little bit confused. If i Duplicate the token as i told i get user session but without admin rights. But instead of duplicate if i get linked token ( as i read its admin token) i get it following way 

 IntPtr adminToken = IntPtr.Zero;
 uint TokenInfLength = 0;
 GetTokenInformation(hToken, 
 TOKEN_INFORMATION_CLASS.TokenLinkedToken, adminToken, 
 TokenInfLength,out TokenInfLength);

my process runs as admin but not in logon user's context it runs as system's context i cannot see user specific data. I don't understand how to give this token rights to currently logon user

1 answers

solution1
 0  2018-06-08 12:59:02

it is possible ie you can use DuplicateToken function and then CreateProcessAsUser with duplicated token and elevated privileges.

To work under service this functions are required some changes in local policies

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question acces global mutex/semaphore from user application without admin rights Run a process from a windows service as the current user How to Log error from application which is not running with admin rights How to start a program requiring admin rights as an admin user from a nonadmin account How can I make that when I run my application thorugh the VS it will prompt for admin rights? How to make application run as admin on user accounts? Get an application to run as a different user from a windows service Install WinForms application without admin rights Execute an application with admin rights on system without UAC Application manifest, admin rights and autostart on Windows Vista\7
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM