Results 1 to 10 of 10

Thread: Launch exe as another user with elevated rights

  1. #1

    Thread Starter
    New Member
    Join Date
    Oct 2020
    Posts
    4

    Launch exe as another user with elevated rights

    I have users with non admin rights that need to run a program which requires admin privileges. I thought I'd make a VB.net program to launch that program as a local admin account. I have the below code, but I get the error, "The requested operation requires elevation." I read that UseShellExecute needs to be set to false to use "verb = runas", but then that produces the error, "The Process object must have the UseShellExecute property set to false in order to start a process as a user." So I think launching the program as another user requires UseShellExecute to be false, but "verb = runas" requires UseShellExecute to be true. Does anyone know how I can get this to work?

    Code:
        Private Sub launchProgramWithUser()
            Dim pstartinfo As New ProcessStartInfo("C:\Program Files (x86)\Program123\program123.exe")
            pstartinfo.WorkingDirectory = "C:\Program Files (x86)\Program123"
            pstartinfo.UserName = "User1"
            Dim pwd As New System.Security.SecureString
            pwd.AppendChar("a"c)
            pwd.AppendChar("c"c)
            pwd.AppendChar("s"c)
            pwd.AppendChar("2"c)
            pwd.AppendChar("7"c)
            pwd.AppendChar("2"c)
            pwd.AppendChar("0"c)
            pwd.AppendChar("a"c)
            pwd.AppendChar("5"c)
            pwd.AppendChar("8"c)
            pwd.AppendChar("2"c)
    
            Try
                pstartinfo.Password = pwd
                pstartinfo.UseShellExecute = False
                pstartinfo.Verb = "runas"
                Dim proc As New Process
                proc.StartInfo = pstartinfo
                proc.Start()
            Catch ex As Exception
                MsgBox(ex.Message)
            End Try
    
        End Sub

  2. #2

    Thread Starter
    New Member
    Join Date
    Oct 2020
    Posts
    4

    Re: Launch exe as another user with elevated rights

    Seems like a catch-22... UseShellExecute needs to be set to false to allow the this to execute the external program as another user, but it needs to be set to true in order to use the "runas" verb. Another thing that I tired was opening powershell as another user, then launching the program with elevation (runas). This also is not working and I don't know why.
    Code:
    Dim pstartinfo As New ProcessStartInfo("powershell")
    pstartinfo.Arguments = "Start-Process ""C:\Program Files (x86)\Program123.exe\Program123.exe"" -Verb runAs"

  3. #3
    Wall Poster TysonLPrice's Avatar
    Join Date
    Sep 2002
    Location
    Columbus, Ohio
    Posts
    3,834

    Re: Launch exe as another user with elevated rights

    In the VB 6.0 world we use an API called CreateProcessWithLogonW to give elevated rights to the user temporarily.

    https://docs.microsoft.com/en-us/win...cesswithlogonw

    I'm guessing it would run in .Net.
    Please remember next time...elections matter!

  4. #4
    Super Moderator jmcilhinney's Avatar
    Join Date
    May 2005
    Location
    Sydney, Australia
    Posts
    110,299

    Re: Launch exe as another user with elevated rights

    Starting a process with admin rights and starting a process as a user who is an administrator are two different things. It appears that you are trying to do both at the same time and that may be impossible. This is a bit of an educated guess but I think that what you may need to do is impersonate the user first within your app, then just use the verb with the new process. That would mean not having to set UseShellExecute to False because the UserName is set. I've never used impersonation so I can't give you the details but it shouldn't be too hard to find out how to do it and test it out.

  5. #5
    Frenzied Member
    Join Date
    May 2014
    Location
    Central Europe
    Posts
    1,372

    Re: Launch exe as another user with elevated rights

    try it like this:
    Code:
        Public Sub Main()
            Try
                Dim procInfo As New ProcessStartInfo()
                procInfo.UseShellExecute = False
                procInfo.UserName = "username"
                procInfo.Domain = ""
                Dim pwd As New Security.SecureString
                For Each chr As Char In "password"
                    pwd.AppendChar(chr)
                Next
                procInfo.Password = pwd
    
                procInfo.FileName = "exe"
    
                procInfo.Arguments = "arguments"
                procInfo.WorkingDirectory = "workingdir"
                Process.Start(procInfo)
            Catch ex As Exception
                MessageBox.Show(ex.Message.ToString())
            End Try
        End Sub
    please ignore the insecure password coding, it just deemed not necessary in my case. looks like the only difference is i omit the 'runas' verb.

  6. #6
    Bad man! ident's Avatar
    Join Date
    Mar 2009
    Location
    Cambridge
    Posts
    5,398

    Re: Launch exe as another user with elevated rights

    You can run a process under any account using the example i wrote ages ago https://www.vbforums.com/showthread....System-account

    But you can not magically run a program from user to admin unless you have admin unless we dive into the territory of w10 hacks which I am not going to help with.

  7. #7
    Bad man! ident's Avatar
    Join Date
    Mar 2009
    Location
    Cambridge
    Posts
    5,398

    Re: Launch exe as another user with elevated rights

    Unless you can explain what you are doing this should be closed.

  8. #8

    Thread Starter
    New Member
    Join Date
    Oct 2020
    Posts
    4

    Re: Launch exe as another user with elevated rights

    jmcilhinney, you are right, I am trying to launch a program as another user AND elevate the permissions all at the same time. I think you're also right that it might be impossible, which is why I tried launching powershell as the local admin user, then launching the program from powershell giving elevated permissions. Not sure why that is not working.

  9. #9

    Thread Starter
    New Member
    Join Date
    Oct 2020
    Posts
    4

    Re: Launch exe as another user with elevated rights

    ident, we have students that utilize a testing site that launches a lockdown browser to make sure all other windows and tabs are closed (so that they can't cheat on the test). Unfortunately it requires admin privileges to run this program, but we do not want to give students admin rights on the device. If we gave them admin rights, the device would be loaded with games and malware. We are going to put a local admin account on the devices with our MDM, but I need a program that will launch the lockdown browser using the local admin account. Students will not know the password for the local admin account if I can get this vb program to work.

  10. #10
    Angel of Code Niya's Avatar
    Join Date
    Nov 2011
    Posts
    8,598

    Re: Launch exe as another user with elevated rights

    Quote Originally Posted by BrianBoru View Post
    ident, we have students that utilize a testing site that launches a lockdown browser to make sure all other windows and tabs are closed (so that they can't cheat on the test). Unfortunately it requires admin privileges to run this program, but we do not want to give students admin rights on the device. If we gave them admin rights, the device would be loaded with games and malware. We are going to put a local admin account on the devices with our MDM, but I need a program that will launch the lockdown browser using the local admin account. Students will not know the password for the local admin account if I can get this vb program to work.
    It seems Tyson's suggestion might be the most expedient way to solve this problem. He suggested using the CreateProcessWithLogonW API. It's more direct version of what Ident suggested that doesn't require you to handle the security tokens yourself.
    Treeview with NodeAdded/NodesRemoved events | BlinkLabel control | Calculate Permutations | Object Enums | ComboBox with centered items | .Net Internals article(not mine) | Wizard Control | Understanding Multi-Threading | Simple file compression | Demon Arena

    Copy/move files using Windows Shell | I'm not wanted

    C++ programmers will dismiss you as a cretinous simpleton for your inability to keep track of pointers chained 6 levels deep and Java programmers will pillory you for buying into the evils of Microsoft. Meanwhile C# programmers will get paid just a little bit more than you for writing exactly the same code and VB6 programmers will continue to whitter on about "footprints". - FunkyDexter

    There's just no reason to use garbage like InputBox. - jmcilhinney

    The threads I start are Niya and Olaf free zones. No arguing about the benefits of VB6 over .NET here please. Happiness must reign. - yereverluvinuncleber

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width