Elevation and process creation APIs


In Vista, process creation APIs behave very differently with respect to UAC. If you call CreateProcess() on an executable that is manifested as “RequireAdministrator” or is flagged as an installer by Vista, you will get back an ERROR_ELEVATION_REQUIRED (740) error. ShellExecute() will behave appropriately (pop up the elevation / credential dialog). As mentioned in an earlier blog post, ShellExecute() also lets you specify the ‘runas’ verb, which will trigger elevation of the process regardless of manifest, etc.


CreateProcessAsUser() behaves like CreateProcess() in that it will return an elevation required error. If you want to launch a process from a service and have that process run elevated, one way to accomplish this is to write a small bootstrapping application that calls ShellExecute() to launch the target app. This would allow you to launch any application as if it were manifested with “RequireAdministrator”.
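
The CreateProcess-then-ShellExecute fallback described above, as an added example that is not code from the original post. It is written in C# because .NET's Process.Start calls CreateProcess() when UseShellExecute is false and ShellExecuteEx() when it is true. The class and method names are hypothetical.

```csharp
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.IO;

static class ElevationAwareLauncher   // hypothetical name, for illustration only
{
    const int ERROR_ELEVATION_REQUIRED = 740;   // CreateProcess: target needs elevation
    const int ERROR_CANCELLED = 1223;           // user dismissed the elevation / credential dialog

    // Returns the started process, or null if the user declined the elevation prompt.
    public static Process Launch(string exePath, string arguments)
    {
        // Whatever this path resolves to may end up running elevated, so accept
        // only an already-normalized absolute path to an existing file.
        if (!string.Equals(Path.GetFullPath(exePath), exePath, StringComparison.OrdinalIgnoreCase) || !File.Exists(exePath))
            throw new ArgumentException("Full path to an existing executable required", nameof(exePath));

        try
        {
            // UseShellExecute = false makes .NET call CreateProcess().
            return Process.Start(new ProcessStartInfo(exePath, arguments) { UseShellExecute = false });
        }
        catch (Win32Exception ex) when (ex.NativeErrorCode == ERROR_ELEVATION_REQUIRED)
        {
            // Error 740: continue to the ShellExecute path below.
        }

        var elevated = new ProcessStartInfo(exePath, arguments)
        {
            UseShellExecute = true,   // routes through ShellExecuteEx()
            Verb = "runas",           // the verb the post describes
            WorkingDirectory = Path.GetDirectoryName(exePath)
        };
        try { return Process.Start(elevated); }
        catch (Win32Exception ex) when (ex.NativeErrorCode == ERROR_CANCELLED) { return null; }
    }

    static int Main(string[] args)
    {
        if (args.Length == 0) { Console.Error.WriteLine("usage: launcher <full-path-to-exe> [args]"); return 2; }
        Process p = Launch(args[0], string.Join(" ", args, 1, args.Length - 1));
        Console.WriteLine(p == null ? "Elevation declined." : "Started PID " + p.Id);
        return p == null ? 1 : 0;
    }
}
```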


 


Mark


Comments (4)

  1. prsTM says:

    "If you want to launch a process from a service which will run elevated, one method of accomplishing this would be to write a small bootstrapping type application which calls ShellExecute() to launch the target app.  This would allow you to launch any application as if it were manifested with “RequireAdministrator”."

    I think I’m facing this exact issue, but, isn’t my service essentially running with admin privileges anyway because the lpServiceStartName  and lpPassword arguments to CreateService are NULL?

    Or, if I manifest my service "requireAdministrator", why shouldn’t I be able to ShellExecute my application directly?

  2. prsTM says:

    And a followup.. would the service (or the bootstrap app) specify ‘runas’ in ShellExecute? There’s no UI available to services, so does the OS ‘guess’ that it’s the admin, and silently promote the app?

  3. SecureW2 says:

    How would you advise transferring information between the process that calls ShellExecute and the newly (elevated) process?

    Regards,

    T.

  4. teena says:

    How to disable the pop up when using the shell execute?