Elevation and process creation APIs

In Vista, process creation APIs behave very differently with respect to UAC. If you call CreateProcess() on an executable which is manifested as “RequireAdministrator” or is flagged as an installer by Vista, you will get back an ERROR_ELEVATION_REQUIRED (740) error. ShellExecute() will behave appropriately (pop up the elevation / credential dialog). As mentioned in an earlier blog, ShellExecute() allows you to define a ‘runas’ verb which will trigger elevation on the process regardless of manifest, etc. 

CreateProcessAsUser() functions like CreateProcess in that it will return an elevation required error. If you want to launch a process from a service which will run elevated, one method of accomplishing this would be to write a small bootstrapping type application which calls ShellExecute() to launch the target app. This would allow you to launch any application as if it were manifested with “RequireAdministrator”.

 

Mark