Elevation and process creation APIs

In Vista, process creation APIs behave very differently with respect to UAC. If you call CreateProcess() on an executable that is manifested as “requireAdministrator” or is flagged as an installer by Vista, the call fails with ERROR_ELEVATION_REQUIRED (740). ShellExecute() will behave appropriately (pop up the elevation / credential dialog). As mentioned in an earlier blog post, ShellExecute() also lets you specify a ‘runas’ verb, which triggers elevation of the process regardless of manifest, etc.

CreateProcessAsUser() behaves like CreateProcess() in that it also returns the elevation required error. If you want a service to launch a process that runs elevated, one method of accomplishing this is to write a small bootstrapper application which calls ShellExecute() to launch the target app. This would allow you to launch any application as if it were manifested with “requireAdministrator”.

 

Mark
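
The two launch paths described above can be observed from PowerShell through .NET's Process class, which calls CreateProcess() when UseShellExecute is false and ShellExecuteEx() when it is true. This is an added example, not code from the original post; the function name Start-WithElevationFallback and the target path are placeholders.

```powershell
# Added example: the function name and target path are placeholders.
$ERROR_ELEVATION_REQUIRED = 740    # returned by the CreateProcess() path
$ERROR_CANCELLED          = 1223   # user declined the elevation dialog

function Start-WithElevationFallback {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $Arguments = '',
        [switch] $ForceRunAs   # use the 'runas' verb regardless of the manifest
    )

    $psi = New-Object System.Diagnostics.ProcessStartInfo
    $psi.FileName  = $Path
    $psi.Arguments = $Arguments

    if (-not $ForceRunAs) {
        # UseShellExecute = $false makes .NET call CreateProcess().
        $psi.UseShellExecute = $false
        try {
            return [System.Diagnostics.Process]::Start($psi)
        }
        catch {
            # PowerShell may wrap the .NET exception, so unwrap it first.
            $e = $_.Exception.GetBaseException()
            $isWin32 = $e -is [System.ComponentModel.Win32Exception]
            if (-not $isWin32 -or $e.NativeErrorCode -ne $ERROR_ELEVATION_REQUIRED) { throw }
            Write-Warning 'CreateProcess path returned 740; retrying through ShellExecute'
        }
    }

    # UseShellExecute = $true makes .NET call ShellExecuteEx(), which is the
    # path that shows the elevation / credential dialog.
    $psi.UseShellExecute = $true
    if ($ForceRunAs) { $psi.Verb = 'runas' }
    try {
        return [System.Diagnostics.Process]::Start($psi)
    }
    catch {
        $e = $_.Exception.GetBaseException()
        $isWin32 = $e -is [System.ComponentModel.Win32Exception]
        if ($isWin32 -and $e.NativeErrorCode -eq $ERROR_CANCELLED) {
            Write-Warning 'Elevation was declined at the dialog'
            return $null
        }
        throw
    }
}

Start-WithElevationFallback -Path 'C:\Path\To\NeedsAdmin.exe'
```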

Comments

  • Anonymous
    October 06, 2006
    "If you want to launch a process from a service which will run elevated, one method of accomplishing this would be to write a small bootstrapping type application which calls ShellExecute() to launch the target app. This would allow you to launch any application as if it were manifested with “RequireAdministrator”." I think I'm facing this exact issue, but isn't my service essentially running with admin privileges anyway because the lpServiceStartName and lpPassword arguments to CreateService are NULL? Or, if I manifest my service "requireAdministrator", why shouldn't I be able to ShellExecute my application directly?

  • Anonymous
    October 06, 2006
    And a followup.. would the service (or the bootstrap app) specify 'runas' in ShellExecute? There's no UI available to services, so does the OS 'guess' that it's the admin, and silently promote the app?

  • Anonymous
    March 28, 2007
    How would you advise transferring information between the process that calls ShellExecute and the newly (elevated) process? Regards, T.
