|
 |  |  |  |  |  |  |  |  |
Welcome to Vista Forums we are your forum for Windows Vista help and discussion. Whether you need help or just want to post an idea you have on Vista, this is the forum for you.
 |
| |||||||
 |
| | Thread Tools | Display Modes |
02-16-2007
| #11 (permalink) |
| Guest | Re: Is it possible for a service to start a user app running with admin privilege? Let alone the fact that it would take less than an hour to test the whole thing if the OP knows anything about how to create a Windows service app. Dale "David Hearn" <david.hearn@newsgroup.nospam> wrote in message news:ujM1k1aUHHA.3980@TK2MSFTNGP02.phx.gbl... > Polaris wrote: >> Hi Vista Experts: >> >> I have an UI application which needs admin privilege to run on Vista. In >> order for non-admin user to run it, can I create a service and then the >> service calls CreateProcessAsUser with a duplicate token of the service >> itself to start the UI application for the non-admin user to interact >> with? If the UI App is started this way, will it have the same privilege >> as the service (and thus be able to run with admin privilege)? > > Yes, I expect that a service can respond in some way to a user trigger > (eg. window message, comms on a particular port) and spawn a new process > with your application running with the service's privileges. > > However - I understand that in Vista, services can no longer interact with > the standard desktop - in essence, you cannot have services which have a > GUI operating on the normal desktop. I suspect this means that whilst > your service could, in theory, start an application - the fact you have a > GUI on it means it wouldn't work as you expect. I'm not sure how it would > fail (whether app would start but you'd not see anything, or wouldn't > start at all). I guess they added this to stop services being installed > which would then be used to bypass UAC etc - just as you thought. > > There are some ways around this it seems, but they won't work as you > think. See > http://msdn2.microsoft.com/en-us/lib...ppcomp_topic10 > > Specifically it says: > > "Quick solution: > > * If the application's service uses a UI, a built-in mitigation in > Windows Vista allows the user to interact with the Session 0 UI in a > special desktop. This will make available the UI specific to the > application, instead of the entire Session 0 desktop." > > Hope that helps > > David |
My System Specs |
| |
| Thread Tools | |
| Display Modes | |
| |
Similar Threads | ||||
| Thread | Thread Starter | Forum | Replies | Last Post |
 Lost Admin Privilege! Please Help Me! | eldron | General Discussion | 20 | 08-12-2008 02:09 PM |
| admin privilege | Ravi | Vista account administration | 2 | 07-05-2007 01:41 PM |
| Detect admin privilege due to elevation? | Frank S | Vista security | 2 | 03-09-2007 04:24 PM |
| Is it possible for a service to start a user app running with admin privilege? | Polaris | Vista General | 9 | 02-16-2007 08:30 AM |
| Standard user - start Explorer as Admin doesn't work | David Hearn | Vista security | 5 | 01-11-2007 01:35 PM |
| Complimentary Industry Resources Vista Forums has joined forces with TradePub.com to offer you a new, exciting, and entirely free professional resource. Visit http://vistax64.tradepub.com today to browse our selection of complimentary Industry magazines, white papers, webinars, podcasts, and more across 34 industry sectors. No credit cards, coupons, or promo codes required. Try it today! |
Linear Mode
