|
-
Mar 7th, 2013, 08:24 AM
#1
Thread Starter
Fanatic Member
Request Admin permission at runtime
I have an application (Targets FW4 client profile) that runs with default manifest (AsInvoker).
Occasionally i want to allow the user to escalate to admin to accomplish an admin task and then revert back down again. Obviously only if the user has that capability.
I don't want to run the entire application as admin with RunAs. just this one function.
I accept I should show a prompt. No problem with that.
But how would I go about that.
Thanks
Ian
-
Mar 7th, 2013, 10:11 AM
#2
Re: Request Admin permission at runtime
put the function in a separate executable + run with the process class, passing RunAs as the verb. to retrieve the return value (i'm not sure about this part), use redirectstandardoutput
- Coding Examples:
- Features:
- Online Games:
- Compiled Games:
-
Mar 7th, 2013, 02:06 PM
#3
Thread Starter
Fanatic Member
Re: Request Admin permission at runtime
Sorry. No. I'm not going to deploy a second executable. Surely there must be a way to escalate.
-
Mar 7th, 2013, 02:19 PM
#4
Re: Request Admin permission at runtime
Must there? If it was possible to do it in the manner that you're suggesting it would leave a massive security hole which I'm sure nobody would thank MS for! Security settings apply at application/process level. You don't get to float up and down willy nilly.
As the 6-dimensional mathematics professor said to the brain surgeon, "It ain't Rocket Science!"
Reviews: "dunfiddlin likes his DataTables" - jmcilhinney
Please be aware that whilst I will read private messages (one day!) I am unlikely to reply to anything that does not contain offers of cash, fame or marriage!
-
Mar 7th, 2013, 02:32 PM
#5
Thread Starter
Fanatic Member
Re: Request Admin permission at runtime
I wasn't expecting to float willy nilly.
I'd want UAC to display a prompt saying that application wants to do such and such and prompt for admin credentials. The user can see the prompt and accept (if he has admin credentials) or cancel if he wants. Where is the security hole in that?
-
Mar 7th, 2013, 02:40 PM
#6
Re: Request Admin permission at runtime
Then you'd better ask Microsoft to change UAC monitoring from process start to everything a process does. It's not something that any of us can change.
As the 6-dimensional mathematics professor said to the brain surgeon, "It ain't Rocket Science!"
Reviews: "dunfiddlin likes his DataTables" - jmcilhinney
Please be aware that whilst I will read private messages (one day!) I am unlikely to reply to anything that does not contain offers of cash, fame or marriage!
-
Mar 7th, 2013, 03:07 PM
#7
Thread Starter
Fanatic Member
Re: Request Admin permission at runtime
I Don't need to ask Microsoft. I just found a microsoft page which explains and supplies sample code for self elevation.
In their sample the current process isn't elevated. When the application needs to elevate it starts a copy of itself with admin privileges which completes the the admin task and closes itself returning to the original which is still running at the normal user level.
Almost the same as .Paul's first reply although Microsoft's solution doesn't require me to deploy a separate executable.
I would suggest that temporary elevation, as I want to do and how micrsoft suggest, is more secure than starting and running the app all day with admin permission.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|
Reply With Quote
