How to De-Elevate Privileges for a Child Process

How do you de-elevate privileges for a child process

We ended up using the sample from this Code Project article: High elevation can be bad for your application: How to start a non-elevated process at the end of the installation

It seems to work so far, I gather it injects into RunDll32.exe, my C++/Win32 is fairly weak so I didn't look too much into the actual implementation, just it's use. Confirmed that it works in Vista and Win7 both x86 and x64 (at least for us, x86 and x64 require different dll's which is checked for at install time and the proper one is used).

How to elevate privileges for child process

OK, this shouldn't actually be too hard, provided that UAC is configured with the default settings.

I believe that the reason CreateProcessWithLogonW() is failing is that the target executable requires elevation. If you instead run an executable that is not configured to require elevation, it should work.

At that point, you are running in the context of a limited token belonging to an administrative user. If you then attempt to launch an elevated process, e.g., using ShellExecute(), you will still get a UAC dialog - but it will be a yes/no dialog; the user will not need to enter the password.

Is it possible to elevate privileges of multiple child processes, prompting only once?

You could write your own process (C# application) that will be started by your main application with elevated rights.

Than, whenever you need to start a process with elevated rights you forward this request to your elevated process by using some kind of inter-process communication (NamedPipes, TcpClient, etc.) and that one will start this process as usual, leading to an elevated process cause it was started from an elevated one.

How to elevate privileges only when required?

I don't believe that it is possible to elevate the currently running process. It is built into Windows Vista that administrator privileges are given to a process upon startup, as I understand. If you look at various programs that utilise UAC, you should see that they actually launch a separate process each time an administrative action needs to be performed (Task Manager is one, Paint.NET is another, the latter being a .NET application in fact).

The typical solution to this problem is to specify command line arguments when launching an elevated process (abatishchev's suggestion is one way to do this), so that the launched process knows only to display a certain dialog box, and then quit after this action has been completed. Thus it should hardly be noticeable to the user that a new process has been launched and then exited, and would rather appear as if a new dialog box within the same app has been opened (especially if you some hackery to make the main window of the elevated process a child of the parent process). If you don't need UI for the elevated access, even better.

For a full discussion of UAC on Vista, I recommend you see this very through article on the subject (code examples are in C++, but I suspect you'll need to use the WinAPI and P/Invoke to do most of the things in C# anyway). Hopefully you now at least see the right approach to take, though designing a UAC compliant program is far from trivial...

---

Related Topics