Running a process which requires admin from a window service which runs with admin credentials when a standard (non-admin) user logged on

Darren Rose 261

Trying to achieve this - Running a process which requires admin from a window service which runs with admin credentials when a standard (non-admin) user logged on

Have spent many hours today trawling internet and testing various projects I found, some of them quite old now and seem to be going round in circles.

I found this which gave me some hope, https://github.com/murrayju/CreateProcessAsUser?tab=readme-ov-file, but still not working as I need.

So the users logged on to the computer will just be standard users without admin rights.

My service will be installed and running with specific credentials which include admin rights

the process I want to run needs admin rights

tried various version of above but keep coming back to an error 740?

Any thoughts please, would be much appreciated!!!

RLWA32 47,246 Reputation points

2025-02-15T21:56:14.1566667+00:00

My service will be installed and running with specific credentials which include admin rights

In order for a Windows Service running in session 0 to start a process in a logged-on user's interactive session The token used with CreateProcessAsUser must meet 2 requirements.

First, the session id in the token must be the session id of the targeted interactive session. Second, the token used for the new process must have the required access to the window station and the desktop of the targeted interactive session.

I suggest you consider running your service using the SYSTEM account. This will give you the privilege you need to set the session id in a token. It also has all the privileges needed to call CreateProcessAsUser. Finallly, it will give you what you need to use LsaLogonUser or LogonUserExExW to logon an administrator account and obtain a token that will contain the logon sid of the interactive session. That logon sid in the created token will provide what is needed to successfully access the window station and desktop of the interactive session.
Darren Rose 261 Reputation points

2025-02-15T22:11:27.5966667+00:00

@RLWA32 - thank you for that, I had tried using above linked solution running as system account but couldn't then launch any process which required admin rights, hence the issue. So any guidance on getting it working would be appreciated.
RLWA32 47,246 Reputation points

2025-02-15T23:18:12.66+00:00

You're probably working with the wrong token. Remember, after you use LsaLogonUser or LogonUserExExW to logon an Administrator account and obtain a token (containing the right logon sid) you have received the usual split token created when UAC is active. The next step is to get a handle to the linked token that contains full administrator privileges. You do this by calling GetTokenInformation asking for TokenLinkedToken. That is the token in which you set the required session id and afterwards pass to CreateProcessAsUser.

Following image shows a standard user ("Bozo") logged on. Bozo has passed a control code to the CppAdminStarter service which started notepad in Bozo's session running as an Administrator. Observe in task manager that notepad is elevated.
Darren Rose 261 Reputation points

2025-02-15T23:25:55.14+00:00

@RLWA32
can I ask what code or solution you are using to do this so I can try myself? as I say I tried with the above github project and several others I found but none of them did what I wanted, so would appreciate if you have a solution I could try for myself?
RLWA32 47,246 Reputation points

2025-02-15T23:43:16.5+00:00

@Darren Rose, I'm using my own code written in C++. The github project you referenced above is using C#. What language are you working with?
Darren Rose 261 Reputation points

2025-02-16T00:08:27.68+00:00

I am using either VB.NET or C# so if I had a function to use I could call it from either?
MotoX80 35,591 Reputation points

2025-02-16T00:38:03.7866667+00:00

Any thoughts please, would be much appreciated!!!

What does the program do that requires admin access? Is this a commercial product or something that someone in your organization developed?

Have you approached the developer (support team) about this issue?
Darren Rose 261 Reputation points

2025-02-16T00:40:48.73+00:00

@MotoX80 it is something I am creating for my use, it needs to be able to launch processes that need admin rights to perform admin related tasks on a AD Domain.
MotoX80 35,591 Reputation points

2025-02-16T01:31:57.86+00:00

Do what I did and build a web site to do that. I set the IIS worker process to execute as an account that had admin rights. The end users would browse the site which would authenticate them but not impersonate them. The site code would then look to see what the user was allowed to do and the site did it for them.

Example, adding and removing users from security groups. We would define security groups with names like Accounting-Owners, Accounting-ReadOnly, Accounting-Secure. If the user was a member of the Accounting-Owners group then they were allowed to add/remove users from the other "Accounting-" groups.

Obviously this all depends on what you need to accomplish and what user interface requirements you have. Separate the admin functionality from the user interface. If you have a Windows service to perform the admin tasks, have it launch command line programs where you can capture stdout and stderr. Have another program that runs in the standard user context that displays the captured output.
RLWA32 47,246 Reputation points

2025-02-16T01:38:42.9033333+00:00

admin related tasks on a AD Domain.

The portion of the code to add groups in the call to LogonUserExExW to obtain a token was only validated for a member of the Administrators group on a standalone system. I don't know if other groups need to be added for a domain joined system.
Darren Rose 261 Reputation points

2025-02-16T02:17:35.8733333+00:00
@RLWA32 I got an email notification but your comment seems not to be visible, yes it is on a domain but I only need local admin rights
MotoX80 35,591 Reputation points

2025-02-16T02:41:12.6966667+00:00

My favorite question: "what's the real problem?". Forget about your "run as admin" question for the moment. Tell us what you are trying to accomplish.

Explain the #1 problem that you are trying to solve. Add user to AD group? Define user? Something with Exchange? What AD task do you need to implement?

What program are you going to "run as admin"? Is it a GUI program? How will the standard user interact with it? What security restrictions/requirements do you have?
Darren Rose 261 Reputation points

2025-02-16T02:55:57.83+00:00

will be a combination of GUI and command line apps which require admin rights, needed to run under standard user
RLWA32 47,246 Reputation points

2025-02-16T08:37:39.9266667+00:00

@MotoX80 wrote "What program are you going to "run as admin"? Is it a GUI program? How will the standard user interact with it? What security restrictions/requirements do you have?"

These are all very good questions.

For example, if your application running with elevated privileges as an Administrator allows the use of the open file dialog you have essentially given the standard user Administrator access to the entire file system! And that's just a foothold. Using the open file dialog the standard user can run an arbitrary executable under the Administrator account. Maybe even use this capability to make themselves an Administrator!

If the application starts a process using an executable located in an insecure file system location that would be a major security problem.

And these are just two problematic examples. I'm sure there are many more potential problems that could manifest in the right combination of circumstances.
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Darren Rose 261 Reputation points

2025-02-16T13:46:13.2666667+00:00

My previous response seems to have not appeared.

It will run some in house written processes mainly to collect logs and diagnostic data for several apps the company uses which normally require admin consent and is a pain for help desk staff to constantly have to connect up and enter admin credentials.

This is in a secure domain I am admin of, so all security risks will be taken into account.

Nothing such as file > open dialog will be used. In some cases it would run in background, others it may be GUI based as would need some input from user.

Hope this answers your points, sorry for short response last night, it was 3am here :)
MotoX80 35,591 Reputation points

2025-02-16T14:02:15.75+00:00

I second the concerns that @rlwa32 commented. If you launch a GUI program that has domain admin rights, you won't be able to control what the standard user does with that.

I feel like there's just too much that we don't know about your environment and requirements to give you a good answer. Saying "will be a combination of GUI and command line app" just seems rather vague and I'm having a hard time envisioning how that would work.

If this "business function" is running on some workstation, and the programs that need to interact with a standard user are going to be making calls over the network to a domain controller, then I would think that they don't need to run as an "elevated local admin", they just need to run as a different domain user that has the required rights within AD.

Since you are writing code, build a "controller" program that interacts with the user. Have it impersonate/shellexecute "the other user that has AD rights".

https://samtech365.com/run-part-of-your-c-code-under-a-different-user/

https://www.curlybrace.com/words/2009/06/run-external-application-as-another-user-in-c/
Darren Rose 261 Reputation points

2025-02-16T14:07:51.0766667+00:00

there would be more than 1 process called over time, some may run in background, some may run as GUI.

How the apps / processes run now means they come up with UAC prompt to elevate and then need admin credentials entered which disturbs the user when working.

I wanted to get them running in background as much as possible so the diagnostic data can be collected without disturbing the user, hence my question.

I have tried to answer all your questions, and am no deliberately trying to be vague etc, so apologies if I have missed a point.

The apps only need local admin rights, but the users logged onto the computers wouldn't have that (and for obvious reasons can't be given that). So no it wouldn't need DOMAIN admin rights, that is just currently what is entered by help desk staff, but they could just enter machine local admin account details and it would just the same.
RLWA32 47,246 Reputation points

2025-02-16T14:35:33.07+00:00

Have you considered available software to start processes with administrator credentials without a UAC prompt? I've read threads that discuss "runastool" and "runasrob". I have no experience with them and do not endorse or recommend them.
MotoX80 35,591 Reputation points

2025-02-16T14:43:46.54+00:00

We tried to help this user

https://learn.microsoft.com/en-us/answers/questions/1656753/am-i-invoking-psexec-wrong-or-is-it-not-working-pr

It has the link to RunAsRob and I also posted a Powershell script that I wrote to run a program as an admin. That might work for you. You might want to change the registry location from HKCU to HKLM so that it's visible to any user on the pc.
Darren Rose 261 Reputation points

2025-02-16T14:52:44.5933333+00:00

@RLWA32 I will take a look, thanks. But would prefer to learn how to do it myself from with my own code, hence asking here

2 answers

Marcin Policht 36,260 Reputation points MVP

2025-02-15T22:23:05.9666667+00:00

Use either Group Policy or Group Policy Preferences via User Configuration and run either of them in the security context of the SYSTEM account

More at https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn789189(v=ws.11)

If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

hth

Marcin
Please sign in to rate this answer.

0 comments No comments
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.
RLWA32 47,246 Reputation points

2025-02-17T11:15:33.1566667+00:00
@Darren Rose, Following is the code that will start a process in a standard user's interactive session running as an Administrator when it is called from a Windows Service running as SYSTEM.A couple of things to note :

The code assumes that UAC is active.

The profile of the Administrator account being used is loaded. This is needed for user environment variables and HKCU use by the started process.

The unicode (UTF-16LE) version of Windows API functions is used. Any command line string passed to the function must be writable to avoid an possible access violation.

Upon a successful return from CreateProcessAsUser the code will wait for the started process to terminate. This is to give it an opportunity to unload the user profile after it is no longer in use by the started process.

Since the code will wait indefinitely for the started process to terminate you may want to use a dedicated thread in your Windows Service or otherwise advise a threadpool that the function will not return quickly.

Following is the code -

#include <Windows.h> #include <UserEnv.h> #include <WtsApi32.h> typedef BOOL(WINAPI* LOGONUSEREXEXW)( // LogonUserExExW _In_ LPCWSTR lpszUsername, _In_opt_ LPCWSTR lpszDomain, _In_opt_ LPCWSTR lpszPassword, _In_ DWORD dwLogonType, _In_ DWORD dwLogonProvider, _In_opt_ PTOKEN_GROUPS pTokenGroups, _Out_opt_ PHANDLE phToken, _Out_opt_ PSID* ppLogonSid, _Out_opt_ PVOID* ppProfileBuffer, _Out_opt_ LPDWORD pdwProfileLength, _Out_opt_ PQUOTA_LIMITS pQuotaLimits ); typedef struct { DWORD GroupCount; SID_AND_ATTRIBUTES Groups[3]; } LGEXGROUPS, * PLGEXGROUPS; DWORD GetInteractiveSession() { DWORD dwCount{}, dwSession{(DWORD) -1}; PWTS_SESSION_INFOW pwsi{}; if (WTSEnumerateSessionsW(WTS_CURRENT_SERVER, 0, 1, &pwsi, &dwCount)) { for (DWORD i = 0; i < dwCount; i++) { if (pwsi[i].State == WTSActive) { dwSession = pwsi[i].SessionId; break; } } WTSFreeMemory(pwsi); } return dwSession; } BOOL LogonWithGroups( LPCWSTR lpUser, LPCWSTR lpDomain, LPCWSTR lpPass, PTOKEN_GROUPS plogonsid, PHANDLE ptoken) { BOOL ret{ FALSE }; LOGONUSEREXEXW LogonUserExEx{}; static HMODULE hMod = NULL; BYTE localSid[SECURITY_MAX_SID_SIZE]{}; DWORD cblocalSid{ ARRAYSIZE(localSid) }; BYTE localAccountSid[SECURITY_MAX_SID_SIZE]{}; DWORD cblocalAccountSid{ ARRAYSIZE(localAccountSid) }; if (!hMod) hMod = LoadLibraryW(L"advapi32.dll"); if (hMod) { LogonUserExEx = (LOGONUSEREXEXW)GetProcAddress(hMod, "LogonUserExExW"); if (LogonUserExEx) { if (CreateWellKnownSid(WinLocalSid, NULL, localSid, &cblocalSid) && CreateWellKnownSid(WinLocalAccountSid, NULL, localAccountSid, &cblocalAccountSid)) { LGEXGROUPS tg = { ARRAYSIZE(tg.Groups), { {localSid, SE_GROUP_ENABLED | SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT}, {localAccountSid, SE_GROUP_ENABLED | SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT}, {plogonsid->Groups[0].Sid, SE_GROUP_ENABLED | SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT}, } }; ret = LogonUserExEx(lpUser, lpDomain, lpPass, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, (PTOKEN_GROUPS) &tg, ptoken, NULL, NULL, NULL, NULL); } } } return ret; } DWORD StartAdminUser( LPCWSTR lpUser, LPCWSTR lpDomain, LPCWSTR lpPass, LPCWSTR lpApp, LPWSTR lpCmdline, LPCWSTR lpDir, int nShow) { STARTUPINFOW si{ sizeof si }; DWORD dwSession{}, err{ ERROR_SUCCESS }; PROCESS_INFORMATION pi{}; HANDLE hToken{}, hCurrentUser{}; TOKEN_LINKED_TOKEN tlt{}; PROFILEINFOW pInfo{ sizeof pInfo }; LPVOID pEnvironment{}; BOOL bImpersonating{ FALSE }; si.dwFlags = STARTF_USESHOWWINDOW; si.wShowWindow = nShow; pInfo.lpUserName = (LPWSTR)lpUser; __try { dwSession = GetInteractiveSession(); if (dwSession == (DWORD)-1) { err = GetLastError(); __leave; } if (!WTSQueryUserToken(dwSession, &hCurrentUser)) { err = GetLastError(); __leave; } DWORD dwLen{}; BYTE logonsid[sizeof(TOKEN_GROUPS) + SECURITY_MAX_SID_SIZE]{}; DWORD cblogonsid{ ARRAYSIZE(logonsid) }; if (!GetTokenInformation(hCurrentUser, TokenLogonSid, logonsid, cblogonsid, &dwLen)) { err = GetLastError(); __leave; } if (!LogonWithGroups(lpUser, lpDomain, lpPass, (PTOKEN_GROUPS)logonsid, &hToken)) { err = GetLastError(); __leave; } if (!GetTokenInformation(hToken, TokenLinkedToken, &tlt, sizeof tlt, &dwLen)) { err = GetLastError(); __leave; } if (!SetTokenInformation(tlt.LinkedToken, TokenSessionId, &dwSession, sizeof(DWORD))) { err = GetLastError(); __leave; } if (!LoadUserProfileW(tlt.LinkedToken, &pInfo)) { err = GetLastError(); __leave; } if (!CreateEnvironmentBlock(&pEnvironment, tlt.LinkedToken, FALSE)) { err = GetLastError(); __leave; } bImpersonating = ImpersonateLoggedOnUser(tlt.LinkedToken); if (!CreateProcessAsUserW(tlt.LinkedToken, lpApp, lpCmdline, nullptr, nullptr, FALSE, CREATE_UNICODE_ENVIRONMENT, pEnvironment, lpDir, &si, &pi)) { err = GetLastError(); __leave; } if (bImpersonating) { RevertToSelf(); bImpersonating = FALSE; } WaitForSingleObject(pi.hProcess, INFINITE); } __finally { if (bImpersonating) RevertToSelf(); if (hCurrentUser) CloseHandle(hCurrentUser); if (hToken) CloseHandle(hToken); if(pInfo.hProfile) UnloadUserProfile(tlt.LinkedToken, pInfo.hProfile); if (tlt.LinkedToken) CloseHandle(tlt.LinkedToken); if (pEnvironment) DestroyEnvironmentBlock(pEnvironment); if (pi.hThread) CloseHandle(pi.hThread); if (pi.hProcess) CloseHandle(pi.hProcess); } return err; }
Please sign in to rate this answer.
Darren Rose 261 Reputation points

2025-02-17T11:34:04.1866667+00:00

thank you very much indeed, I will give it a try later :)

RLWA32 47,246 Reputation points

2025-02-18T13:22:34.59+00:00

@Darren Rose, I'm not sure how you intend to work with the unmanaged code that I shared. But since you will probably have to use P/Invoke to call Windows API functions you might consider using the code to create an unmanaged DLL that exports the StartAdminUser function. That could be an easier alternative to converting everything into C# or VB.

Darren Rose 261 Reputation points

2025-02-18T13:26:32.8066667+00:00

@RLWA32 I did try it last night, doing exactly what you suggested but struggled getting it to work, I could launch a process such as notepad.exe and it appeared fine, but when trying to launch anything which needed elevation e.g. regedit.exe as a test example it would show in task manager, but was not visible

MotoX80 35,591 Reputation points

2025-02-18T13:41:08.9666667+00:00

What is purpose of using a Windows service? Can't you just write a program that launches when the user logs on which then would spawn a "controller process" that runs as the elevated admin account. That process would in turn launch whatever GUI/command line app that performs the desired function.

Would that simplify the process? You could even use Windows runas.exe to further simplify the coding.

Darren Rose 261 Reputation points

2025-02-18T13:50:21.5566667+00:00

The reason for using a service is because that could be set to run as either system or as an account with admin rights

As the user of the computer will just be a standard user with NO admin rights my thought was that launching the process from the service would at least allow me to run the process with admin rights, as the service itself was already running with those rights, whereas the user themselves wouldn't

My understanding is that I can elevate and run an admin app under a normal user without supplying admin credentials each time (or hard coded which I don't want to do), hence service running as system or local admin or similar

RLWA32 47,246 Reputation points

2025-02-18T13:57:58.3233333+00:00

@Darren Rose, I just tested with regedit.exe and it started properly in a standard user's interactive session with elevated privileges running under an Administrator account.

Remember, the function uses the first WTSActive session that it find. If you have set your service to start automatically and immediately run the code then it is running before user's sign-on and an interactive session will not yet exist. It is likely that the application has been started in non-interactive session 0. You can check this by going to the Details display in Task Manager and configuring it to show the Session ID column

Darren Rose 261 Reputation points

2025-02-18T14:03:10.87+00:00

Okay, not sure what was going wrong for me then. I was starting service manually for testing so it was definitely running whilst a standard user was logged on

how exactly are you running the code ? are you testing from a vb/c# app or something else, just so I can try and replicate exact settings to test

RLWA32 47,246 Reputation points

2025-02-18T14:12:34.7366667+00:00

For testing purposes the Windows Service that I use is configured for manual start. The service handles user control codes that can be sent to it by the sc command. So I start the service and then sign-in to a standard user account. As the standard user I send the service the control code that will cause it to start a thread that invokes the StartAdminUser function. It works equally well if after starting the service I sign out of the administrator account and then sign-in as the standard user.

Darren Rose 261 Reputation points

2025-02-18T14:19:09.7733333+00:00

when you call StartAdminUser are you having to provide it with admin credentials directly or is it getting those from the service it is running as? can you provide me the exact example you are using so I can test it? please?

RLWA32 47,246 Reputation points

2025-02-18T14:28:38.5133333+00:00

The service is NOT running as an account that is a member of the Administrator group. It must run as SYSTEM.

The credentials of the user that is a member of the Administrator group are passed as parameters to the StartAdminUser function.

In the service handler for user control codes-

switch (dwCtrl) { case 132: { HANDLE hThread = CreateThread(nullptr, 0, StartAdminProc, nullptr, 0, nullptr); if(hThread) CloseHandle(hThread); return; } // Rest of code }

Thread procedure -

DWORD __stdcall StartAdminProc(PVOID pv) { DWORD err = StartAdminUser(L"User", L"Domain", L"Password", L"C:\\Windows\\regedit.exe", nullptr, L"C:\\Windows", SW_SHOW); if (err) ReportError(err); return err; }

Darren Rose 261 Reputation points

2025-02-18T14:31:29.1066667+00:00

okay thanks for clarifying, we are talking cross purposes then, as that is not what I was trying to achieve. I wanted (and maybe this is not possible) to be able to launch the admin process under a standard login from a service running as admin or system WITHOUT having to pass credentials to the call.

RLWA32 47,246 Reputation points

2025-02-18T14:46:13.6366667+00:00

WITHOUT having to pass credentials to the call.

The reason for using credentials is that they are used with the LogonUserExExW function which provides the capability to create a token that contains the logon sid of the interactive session (needed for window station/desktop). This capability requires the SYSTEM account. Another reason the service needs to run as SYSTEM is so that it can set the interactive session id in the token to be used with CreateProcessAsUser.

You could encrypt the credentials and store them in the registry or a secure file so that they do not need to appear in the code as plain text.

I've given you the answer to the question that you asked about using a Windows Service.

But it appears that in the final analysis that isn't the path you want to follow.

Darren Rose 261 Reputation points

2025-02-18T14:50:17.8966667+00:00

My apologies, I thought I had explained it quite clearly in initial post, and i thank you sincerely for trying to assist, I suspect it is just that what I had in my mind I wanted to achieve just isn't possible without supplying credentials, but it has certainly given me some ideas and I thank you for the code snippet. I will go back to drawing board on this and perhaps hardcoding some local admin credentials encrypted or similar in the code may be the solution I need. Thanks again :)

MotoX80 35,591 Reputation points

2025-02-18T16:27:43.9333333+00:00

I will go back to drawing board on this

I apologize if I'm being a pain here, but I go back to my (updated) initial comment; What do the programs do that require elevated admin access when run on a helpdesk users workstation in order to function?

If they need to access log files, create an AD group called Helpdesk_Users, and grant that group read access to the log files.

I'm no AD expert but I've seen enough over the years to believe that there should be some way to delegate authority to non-admin users for a good number of tasks.

I may be way off-base with this, which wouldn't be the first time, but if you have to go back to the drawing board, then maybe ask about the function being performed. IE; "How do I allow help desk users to reset users passwords without granting them AD admin access?".

Feel free to ignore me.

Darren Rose 261 Reputation points

2025-02-18T16:35:15.6033333+00:00

There are several tools I needed this for, some of them in house developed which would access information from WMI and registry and other areas that only work when elevated. The other is a database diag tool from a vendor to collect information from an app my company uses and this only runs as admin, so requires local (or domain) admin credentials entering each and every time it is run which can be a pain for help desk staff, hence trying to make it easier

RLWA32 47,246 Reputation points

2025-02-18T17:07:27.98+00:00

@Darren Rose, Forgive me if I appear to be lobbying for a particular solution but from what you just described a solution that enables users to start various and arbitrary elevated processes in a standard user's interactive session by a sending a Windows Service user defined service control codes seems to fit quite well. Each process that needs to run elevated would have its own control code that is recognized by the service. So a single service could accommodate starting a variety of elevated processes based on the assigned control codes. It would be pretty simple to write a gui application to handle sending the user defined control codes assuming that you didn't want to use the sc command. And the security descriptor for the Windows service could restrict permission for accepting user defined control codes to the users/groups you you specify.

Darren Rose 261 Reputation points

2025-02-18T17:10:43.1133333+00:00

@RLWA32 yes I must admit that does sound like it is going to be the best route. I don't suppose you would be happy to share your solution that does this? ( ;) ), either here or privately

RLWA32 47,246 Reputation points

2025-02-18T17:23:32.0766667+00:00

Now why wouldn't the existing 3rd party software mentioned earlier that is capable of starting elevated processes without a UAC prompt meet those same needs? :)

Darren Rose 261 Reputation points

2025-02-18T17:33:04.6266667+00:00

it may well do, but I already have a service installed on those machines used for other purposes (logging / alerting etc etc), so would be really nice to be able to use something like you mentioned in last post directly from my own service rather than having 3rd party tools installed which I would need to configure shortcuts for etc

RLWA32 47,246 Reputation points

2025-02-18T18:05:40.1466667+00:00

My earlier comment about using a service may sound attractive but a design, coding and testing effort would be needed including integration, if possible, with your existing service. Putting together proof of concept code is not the same as providing a finished product. And its not like I have this stuff already written. Finally, all other things aside, you haven't yet successfully used the provided StartAdminUser function in your own service.

Going the 3rd party software route sounds much more practical to me.

Darren Rose 261 Reputation points

2025-02-18T18:11:57.73+00:00

okay fair enough, just wanted to try what you had as you said it was working for you and then i could see if following same steps exactly worked for me, that was all I meant

RLWA32 47,246 Reputation points

2025-02-18T18:38:39.11+00:00

Can't you put the pieces that you already have together to do the same proof of concept that I demonstrated? Sounds to me like you could add the ability to handle a user defined control code to an existing service so it would call StartAdminUser. As I did you could send the code to the service with the sc command.

Darren Rose 261 Reputation points

2025-02-18T18:41:31.3866667+00:00

i just wanted to test with a "known working" solution that was why I asked, not to worry

RLWA32 47,246 Reputation points

2025-02-18T20:12:44.0266667+00:00

FYI, I took a very simple .Net Framework 4.8 service and added the following to it. I do most of my work in C++ so please overlook the crude use of C#.

In the service class -

protected override void OnCustomCommand(int command) { base.OnCustomCommand(command); if(command == 132) { Thread StartAdminProc = new Thread(AdminWork.DoWork); StartAdminProc.Start(new Parms()); } }

In the same assembly -

public class AdminWork { [DllImport("AdminHelper.dll", CallingConvention = CallingConvention.StdCall, CharSet = CharSet.Unicode, ExactSpelling = true)] static extern int StartAdminUser(string lpUser, string lpDomain, string lpPass, string lpApp, string lpCmdline, string lpDir, int nShow); public static void DoWork(object obj) { Parms p = (Parms)obj; StartAdminUser(p.User, p.Domain, p.Pass, p.App, null, p.Dir, p.show); } } public class Parms { public string User = "User"; public string Domain = "Domain"; public string Pass = "Password"; public string App = @"C:\Windows\regedit.exe"; public string Dir = @"C:\Windows"; public int show = 5; }

Darren Rose 261 Reputation points

2025-02-18T20:14:55.59+00:00

thank you, will give it a try later and report back :)
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Share via

Running a process which requires admin from a window service which runs with admin credentials when a standard (non-admin) user logged on

2 answers

Your answer