Run app with Admin Priv as service from user with limited privileges

  • Question

  • I have an application that requires administrator privileges to run under Vista, but the user that will be running this application doesn't have administrator privileges.

    The original approach (XP) was to create a Windows Service and have a client application communicate with the server application started by the service and launch the appropriate client applications. These client applications interact with the user's desktop.

    With Vista, because of the change for Services (Session 0), the user won't see the windows on his desktop.

    How can I do this and still maintain the user's limited privileges, but interact with the desktop and run the applications requested with administrator privileges?
    Friday, May 9, 2008 7:29 PM

All replies

  • If you need to make a service launch something on another desktop, have the client application tell the service/server application/whatever which desktop it's connecting from. Use lpDesktop in STARTUPINFO when you launch the new application from the service.


    I'm not certain I've understood you correctly, but it sounds like your client application (running as a standard user) talks to a privileged service (running as Local System, etc) which then launches a privileged application (i.e., running as administrator, etc) on the client application's desktop.  I would just like to note that an EOP service is scary, and there are a number of things one needs to worry about.  If the client is able to specify the exe for the service to run, the starting directory for the application, the environment, or who knows how many other things, or the applications it launches are vulnerable to something like the 'shatter attack' [wikipedia.org/wiki/Shatter_attack], or could be driven to do harmful things, there is a very strong potential for your service to be abused.

    Monday, May 12, 2008 6:45 PM
  • I'd have to agree with David. If you don't want users to be Administrators, then writing a service to let them be Administrators is just circumventing the whole point in the first place. If the aim is to get a legacy application that can't be modified to run on Vista, there are almost certainly better ways (Appcompat shims and/or ACL tweaks) than attempting to provide a generic Elevation of Privilege service. If you go down that route, you might as well leave the users in the Administrators group and let UAC do the elevation work for you.


    Wednesday, May 14, 2008 12:37 PM