Launch non-elevated process from elevated process in C# RRS feed

  • Question


    I'm writing an application that creates and executes batch processes in windows, for example, my defrag program requires a service, which I've turned off by default, so instead of manually starting it, run the defrag program and then stopping it, my app could save a file with instructions of what services/processes to launch etc and do it automatically in the background (start the service and the program, wait for the program to exit, and then stop the service).


    The problem is, that in order to start/stop a service, my app needs to run with elevated permissions, but then my defrag program will be launched with elevated permissions as well (thinking of it, it needs to anyway, but other programs that I might want to run do not).


    So, is there a way to launch the program with normal permissions? I could have separate executables manage the sevices and the programs, but then there would be a consent prompt for each service started/stopped, which would just be annoying.

    Monday, August 13, 2007 6:51 PM


All replies

  • There's no reliable way of doing it that way round because the elevated user may be a completely different user to the one that is running the interactive task (since over-the-shoulder elevation may be used).


    The best approach is the 'bootstrap' model. The main applications runs with Standard User rights and when an task which requires elevation may occur, an elevated COM object is created via UAC and then the two co-operate to complete the operation. By using the elevated object to run scripts that require full rights, you only need have a single UAC prompt at the start of the task..



    Monday, August 13, 2007 8:24 PM
  • Thanks for your answer, but can COM objects be used in C#? The only places I've seen COM objects used is in C++ samples... Kinda new to programming, so if you know if it's possible and how to use COM in C# that would be of great help.
    Monday, August 13, 2007 8:39 PM

    Sure it can. Here is a pretty good article on doing COM based UAC elevation entirely in managed code.
    Monday, August 13, 2007 8:52 PM
  • Thanks!  Haven't tried it out yet, but i guess (and hope) it should do the trick.
    Tuesday, August 14, 2007 7:19 AM