
Vista - Vista: Impersonation across Integrity Levels

01-22-2007   #1
Alex Chmut


 
 

Vista: Impersonation across Integrity Levels

Hello all,

I have an app that runs elevated that talks to an unelevated app via COM.
I want the COM servers in the unelevated app to be able to impersonate the
elevated client to perform certain file operations with full admin rights.

Whatever CoInitializeSecurity() parameters I have tried to apply on
the client do not give the server appropriate rights, ending with an
ERROR_BAD_IMPERSONATION_LEVEL error when it tries to work with a file after
CoImpersonateClient().

I can foresee that something like a Mandatory Label SACL needs to be applied
to the client, but I cannot find any documentation in that regard.

Does anyone have any ideas?

Thanx in advance,
AlexC



01-23-2007   #2
David Hearn


 
 

Re: Vista: Impersonation across Integrity Levels

Alex Chmut wrote:
> Hello all,
>
> I have an app that runs elevated that talks to an unelevated app via COM.
> I want the COM servers in the unelevated app to be able to impersonate the
> elevated client to perform certain file operations with full admin rights.
>
> Whatever CoInitializeSecurity() parameters I have tried to apply on
> the client do not give the server appropriate rights, ending with an
> ERROR_BAD_IMPERSONATION_LEVEL error when it tries to work with a file after
> CoImpersonateClient().
>
> I can foresee that something like a Mandatory Label SACL needs to be applied
> to the client, but I cannot find any documentation in that regard.
>
> Does anyone have any ideas?
>
> Thanx in advance,
> AlexC


I could be wrong, but I understand that you cannot alter the security
level of a process once it has been started - it's by design. The only
way you'll get it to work is to:

a.) get the unelevated process to launch an elevated process and perform
those file operations in that process and then exit to the original
unelevated process
b.) elevate the currently unelevated process

Basically, as I understand it, you're not going to get an unelevated
process to be elevated once it's started.

D
01-23-2007   #3
Alex Chmut


 
 

Re: Vista: Impersonation across Integrity Levels


"David Hearn" <david.hearn@newsgroup.nospam> wrote in message
news:OA5neDtPHHA.4376@TK2MSFTNGP02.phx.gbl...
>
> a.) get the unelevated process to launch an elevated process and perform
> those file operations in that process and then exit to the original
> unelevated process
> b.) elevate the currently unelevated process
>


These are not relevant to my question. I'm not talking here about how to
design apps for Vista.
I'm talking about a piece of functionality of the normal NT/COM security -
impersonation, which should work as long as the client gives such right to
the server.


01-23-2007   #4
David Hearn


 
 

Re: Vista: Impersonation across Integrity Levels

Alex Chmut wrote:
> "David Hearn" <david.hearn@newsgroup.nospam> wrote in message
> news:OA5neDtPHHA.4376@TK2MSFTNGP02.phx.gbl...
>> a.) get the unelevated process to launch an elevated process and perform
>> those file operations in that process and then exit to the original
>> unelevated process
>> b.) elevate the currently unelevated process
>>

>
> These are not relevant to my question. I'm not talking here about how to
> design apps for Vista.
> I'm talking about a piece of functionality of the normal NT/COM security -
> impersonation, which should work as long as the client gives such right to
> the server.


Sorry, I was under the impression this app was running on Vista and
therefore constrained by Vista's more strict security policies.

David
01-26-2007   #5
Alex Chmut


 
 

Re: Vista: Impersonation across Integrity Levels

The reply to this has been given on MSFT forum:
http://forums.microsoft.com/MSDN/Sho...43217&SiteID=1