Requesting Admin Rights without COM

  • Question

  • I have been trying to read over many of the articles concerning elevated privileges in an application, but am a bit lost.

    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ietechcol/dnwebgen/protectedmode.asp

    http://windowssdk.msdn.microsoft.com/en-us/library/ms679687.aspx

    Those are two of the main articles I have been trying to understand.  I know I can create a COM class that is defined in the registry and set its elevation values there, then create it through CreateInstance.  The first article I am almost completely lost on (maybe it doesn't have anything to do with what I want?).

    Here's my situation: I have a program that wants to write to the registry, save files, etc., but can't do it without admin privileges (the main thing I want is registering MIME types).  The problem is that I don't use COM directly (custom COM-type objects, but no relation to the true COM; I can't create any objects via the global COM calls).  At the moment, changing this to fit would be far more trouble than it's worth, so that's not an option.  Basically, I want to be able to elevate privileges for a moment during the life of my program (when the user is changing options), so ideally I'd like to request admin privileges when the user clicks Options, be able to do my admin work while there, then switch back to normal privileges when they close the options.  As I said, I don't use regular COM classes and can't without major code changes due to cross-platform compatibility, as well as numerous other issues.

    So is there any way to request elevated privileges for my program (my process perhaps?), without having to set all these registry keys and derive whatever COM classes or etc etc etc?  Are there any single calls or set of calls or an API that I can use to request/change privileges on the fly? Does it all have to be wrapped up inside these objects (no way around it)?

     

    Monday, August 21, 2006 7:09 PM

All replies

  • You could create a separate .exe that performs the elevated functions.  You'd execute your program using ShellExecuteEx() and specify the parameter ‘runas’ in the SHELLEXECUTEINFO structure member lpVerb.

    SHELLEXECUTEINFO sei = { sizeof(sei) };  // zero the structure and set cbSize
    sei.lpVerb = L"runas";                   // verb that requests elevation

    This would elevate your program and allow you to run as admin for the life of the program.

    Tuesday, August 22, 2006 2:24 PM
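
The separate-helper approach from the reply above, as an added example that is not code from the thread: the unelevated program launches a helper with the `runas` verb and waits for it, and the helper, because it runs elevated, checks the arguments it was handed before touching the registry. The names `run_elevated`, `valid_extension` and `valid_mime`, the return codes, and the idea that the helper receives an extension and a MIME type as arguments are assumptions; the Win32 part compiles only on Windows.

```c
#include <ctype.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#include <shellapi.h>
#endif

/* Helper side (hypothetical): the helper runs elevated, so arguments built by
   the unelevated caller are untrusted. Accept only ".ext", 1-15 alphanumerics. */
int valid_extension(const char *s) {
    size_t n = s ? strlen(s) : 0;
    if (n < 2 || n > 16 || s[0] != '.') return 0;
    for (size_t i = 1; i < n; i++)
        if (!isalnum((unsigned char)s[i])) return 0;
    return 1;
}

/* Accept only "type/subtype" made of alphanumerics and '.', '+', '-'. */
int valid_mime(const char *s) {
    size_t n = s ? strlen(s) : 0;
    int slashes = 0;
    if (n < 3 || n > 127) return 0;
    for (size_t i = 0; i < n; i++) {
        if (s[i] == '/') {
            if (i == 0 || i == n - 1 || ++slashes > 1) return 0;
        } else if (!isalnum((unsigned char)s[i]) && !strchr(".+-", s[i])) {
            return 0;
        }
    }
    return slashes == 1;
}

#ifdef _WIN32
/* Caller side (hypothetical): returns the helper's exit code, -1 if the user
   declined the elevation prompt, -2 on any other failure. Pass the helper's
   full path so the elevated launch does not depend on the search path. */
int run_elevated(const wchar_t *helper_full_path, const wchar_t *params) {
    SHELLEXECUTEINFOW sei = { sizeof(sei) };
    DWORD code = (DWORD)-2;
    sei.fMask = SEE_MASK_NOCLOSEPROCESS;   /* keep hProcess so we can wait */
    sei.lpVerb = L"runas";
    sei.lpFile = helper_full_path;
    sei.lpParameters = params;
    sei.nShow = SW_SHOWNORMAL;
    if (!ShellExecuteExW(&sei))
        return GetLastError() == ERROR_CANCELLED ? -1 : -2;
    if (!sei.hProcess) return -2;
    WaitForSingleObject(sei.hProcess, INFINITE);
    GetExitCodeProcess(sei.hProcess, &code);
    CloseHandle(sei.hProcess);
    return (int)code;
}
#endif
```
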
  • In the current implementation, that's not quite possible, though.  Is using registered COM the ONLY way that elevated privileges can be used currently?
    Tuesday, August 22, 2006 5:21 PM
  • To elaborate a bit more, one of the situations (one of) that I am encountering is an auto update system.  This runs in the background while the system is running, and will check for updates as needed.  This is a DLL that gets kicked off by my main application, but it's the DLL that runs and does anything needed in the background.  I am encountering problems with that, in that it can't read/write to restricted sections in the registry.  I can't flag this DLL as admin, can I?  I know I can set up manifest files for executables and such, but can I do this for DLLs as well?  Again, keep in mind that this is basically all non-registered COM (basically as in I don't use the true MS IUnknown class, but it's pretty much a copy just for cross-compatibility's sake), but I don't register anything with the system or add the CLSIDs to the registry, which means I can't create the class instance through system services (which seems to be required to use this elevation moniker).
    Wednesday, August 23, 2006 11:04 PM