Launching process from service as administrator when logged on user is normal user

  • Question

  • Hi,

    Getting session ID before CreateProcessAsUser stuff is very interesting. I have a similar situation to
    http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=404082&SiteID=1. I used it and it works fine when the logged on user is an administrator, but unfortunately it fails when the logged on user is a standard user. Just to clarify, I will briefly describe my picture.

    1. I wish to launch a process from a service as an administrator without asking the logged on user for admin credentials, as I already know those credentials.

    2. I used the method posted in this thread. It works fine when the logged on user is an admin user, but fails when the logged on user is a normal user.

    3. It fails at CreateProcessAsUser with error code 740 (ERROR_ELEVATION_REQUIRED). I have also tried LogonUser to get Token instead of fetching it from Session ID and use it.

    Is there any way I can run an admin process interactively when the logged on user is a non-admin user?

    Thanks in advance,

    Thursday, March 8, 2007 7:22 AM

All replies

  • I have written, as a proof of concept for something we may need to do in our company, a service which will run a program with administrator authority on the user's desktop, whether the user is logged in with an administrator userid or not.

    The service determines whether the user in question is administrator, and if so uses GetTokenInformation() for TokenLinkedToken, then DuplicateTokenEx() to get a primary token.

    If the user is not an administrator, I create a new local userid with a random password using NetUserAdd(), use NetLocalGroupAddMembers() to add the user to the "Administrators" group, use LsaLogonUser() to log the new user on with a group SID that is the logon SID of the user on whose desktop I want to run the program (this gives the new user full access to that user's desktop), if running on Vista use GetTokenInformation() for TokenLinkedToken and then DuplicateTokenEx() to get a primary token (on Windows XP you can just use the token from LsaLogonUser()), then SetTokenInformation() for TokenSessionId to set the session ID for the user on whose desktop I want to run.

    Now, given a primary token, I use CreateEnvironmentBlock(), ImpersonateLoggedOnUser() and CreateProcessAsUser() to start my program.  In the case where I created a new user, I create a thread to wait for the started process to end, then use NetUserDel() to remove the new userid.

    I hope this gives you some ideas ...

    Friday, March 9, 2007 8:11 PM
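The temporary-administrator sequence described in the reply above (NetUserAdd(), NetLocalGroupAddMembers() into "Administrators", then NetUserDel() once the process ends) leaves an account-management trail that can be audited. The following is an added example, not code from the thread: a Python check for that create, add-to-Administrators, delete pattern, assuming Security log event IDs 4720, 4732 and 4726 (Windows Vista and later) and a simplified, hypothetical record layout with constructed sample events.

```python
from datetime import datetime, timedelta

ADMINS_SID = "S-1-5-32-544"   # well-known SID of BUILTIN\Administrators
CREATED, ADDED_TO_GROUP, DELETED = 4720, 4732, 4726   # Security log event IDs

def find_short_lived_admins(events, max_lifetime=timedelta(hours=1)):
    """Return accounts that were created, put in Administrators and deleted
    again within max_lifetime. Field names are a simplified assumption."""
    created = {}    # account SID -> (account name, creation time)
    admins = set()  # SIDs added to Administrators after their creation
    hits = []
    for ev in sorted(events, key=lambda e: e["time"]):
        sid = ev["account_sid"]
        if ev["id"] == CREATED:
            created[sid] = (ev["account_name"], ev["time"])
            admins.discard(sid)
        elif ev["id"] == ADDED_TO_GROUP and ev.get("group_sid") == ADMINS_SID:
            if sid in created:
                admins.add(sid)
        elif ev["id"] == DELETED and sid in created:
            name, born = created.pop(sid)
            lifetime = ev["time"] - born
            if sid in admins and lifetime <= max_lifetime:
                hits.append({"account": name, "sid": sid, "lifetime": lifetime})
            admins.discard(sid)
    return hits

def _t(clock):
    return datetime.strptime("2024-01-10 " + clock, "%Y-%m-%d %H:%M:%S")

# Constructed sample records (not real log data); SIDs are placeholders.
A, B, C = "S-1-5-21-1-2-3-1105", "S-1-5-21-1-2-3-1106", "S-1-5-21-1-2-3-1107"
SAMPLE_EVENTS = [
    # Temporary admin: created, elevated, removed minutes later.
    {"time": _t("09:00:00"), "id": 4720, "account_name": "tmp_7f3a", "account_sid": A},
    {"time": _t("09:00:01"), "id": 4732, "account_sid": A, "group_sid": ADMINS_SID},
    {"time": _t("09:04:30"), "id": 4726, "account_name": "tmp_7f3a", "account_sid": A},
    # Permanent admin: never deleted, so not reported.
    {"time": _t("10:00:00"), "id": 4720, "account_name": "helpdesk", "account_sid": B},
    {"time": _t("10:00:05"), "id": 4732, "account_sid": B, "group_sid": ADMINS_SID},
    # Short-lived account added only to BUILTIN\Users: not reported.
    {"time": _t("11:00:00"), "id": 4720, "account_name": "scratch", "account_sid": C},
    {"time": _t("11:00:02"), "id": 4732, "account_sid": C, "group_sid": "S-1-5-32-545"},
    {"time": _t("11:01:00"), "id": 4726, "account_name": "scratch", "account_sid": C},
]

if __name__ == "__main__":
    for hit in find_short_lived_admins(SAMPLE_EVENTS):
        print(hit["account"], hit["sid"], hit["lifetime"])
```

Matching is done on the account SID rather than the name, because the group-membership event identifies the member by SID.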

    Thank you Larry for your reply. I will follow it and let you know how it goes...


    Monday, March 12, 2007 9:29 AM