Alternative ways to enable an application to run with admin rights

Question

I have a console app that works with monitoring all windows processes, waits for a specific one to appear and then work with it using UI Automation. It is only distributed to people who need it and are willing to install it so it does not do anything malwareous.

Right now it works by requiring admin rights so that it can monitor all processes and capture that specific one. The problem we face however, are users using desktop virtualization software like Citrix. They do not have admin rights, and cannot be granted any for security precautions.

Three alternatives that came to my mind were:

1. Creating a desktop shortcut as an admin with entering admin credentials once, so that it can be used by normal users afterwards, but it turned out this is not an option as admins cannot be in the equation in any way.
2. The second one was to rework the application so that it will use a windows service that would capture the arriving of the process and then do work, but it turned out windows services cannot work with the desktop session, meaning it cannot use UI automation which makes the app useless.
3. Maybe add something like get all processes and search for the desired one by name, but the re-occuring frequency of this has to be too small (less than a second), and if there are too many processes it will cause problems

I was wondering if there was anything that could be done to solve this/bypass it. So far i couldn't find a way to capture a desired process without admin rights

Answer 1

Just use a Windows Service (as admin) and your desktop application.

The Windows service executes everything that needs admin priveleges and the desktop application takes care of the UI tasks. The programs can communicated over named pipes, shared memory or a loopback network socket.

Disclaimer

Make sure to secure the inter-process-communication. Another user process should not be able to use the admin priveleges of your service.