Simple UAC-related question


Maximus
November 1st, 2010, 20:37
Hello,

I was wondering: say I elevate an application with a proper UAC dialog. This application will then have full admin privileges, clearly.

Now, say I want it to execute an application without UAC-granted 'rights', so that it runs 'limited' as an application before getting elevated.

Is it enough for me to call ShellExecute to obtain this effect? I was wondering that, since I got elevated, all the apps I fire will be elevated as well... how can I launch an application so that it will not be 'elevated' as well, as the parent is?

dELTA
November 2nd, 2010, 21:35
No matter which way ShellExecute works (i.e. with or without different kinds of privilege inheritance), my guess would be to use CreateProcess() and muck around with its lpProcessAttributes and/or dwCreationFlags parameters to obtain any desired effect privilege/inheritance-wise. Don't know for certain though.

Maximus
November 3rd, 2010, 06:34
hmmm CreateProcess does not bypass the Vista/7 UAC boundary, because if you start an app with CP you won't get the elevation dialog, so I guess it won't allow me to 'switch back' to not-elevated status.
My problem is not limiting its rights, but rather to do something like:

not-elevated app->call elevated app->call not-elevated app.

hmmm... I'll dig around the matter - damn micro$oft, UAC is simply USELESS and... BAH.

***IF*** they wanted to do something serious, they just had to BUY the old diamondGS behavioral blocker.... By the way, does anyone know what happened to that company and its projects? Does anyone remember who that guy was?

disavowed
November 15th, 2010, 09:04
You'll want to use these APIs:

OpenProcessToken(...)
CreateRestrictedToken(...)
CreateProcessAsUser(...)

Maximus
November 15th, 2010, 09:19
eheh thanks, ...but my problem is different (I'm well, well fond of those APIs btw). I needed to revert back to a not-elevated status, so that UAC could be triggered again in case of 'elevation'.
Fact is, if I am not-admin and need admin rights, I get a password request etc. and I get a logon token, but if I am admin-under-UAC and I get elevation, I have no chance to get back to not-elevated status using WinAPI (I am still wondering what is the good reason behind this odd choice). Clearly, I do understand an application should NOT be able to switch UAC on and off at will - what I do not understand is why there's no RPC-wrapped stuff for executing another application as 'not elevated', which would be pretty meaningful: "I request elevation by starting an elevated process, the elevated process does its work, and then it spawns a not-elevated process that does its business out of the elevated context".

The solution is either to call the task scheduler and force it to schedule your application immediately, or to track down that shiny bastard interface that Windows devs use to force Explorer to fire processes - something like a "shellexecutebyexplorer" thing - and use it to fire your process (well, injecting into a running process would do, but that's not a 'good' solution, indeed).

winbah!
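
The Task Scheduler route mentioned in the post above, as an added example that is not part of the original thread: an elevated PowerShell session registers a one-shot task with RunLevel Limited, starts it, and removes it. It assumes Windows 8 / Server 2012 or later (the ScheduledTasks module) and that the elevated process runs as the same account as the interactive user; the function name Start-Unelevated and the task-name prefix are made up for illustration.

```powershell
# Added example (not from the thread): launch a program non-elevated from an
# elevated session by handing it to Task Scheduler with RunLevel Limited.
function Start-Unelevated {
    param(
        [Parameter(Mandatory)] [string] $Path,   # program to launch
        [string] $Arguments                      # optional command line
    )

    # Constructed, unique task name so parallel calls do not collide.
    $taskName = 'RunLimited-' + [guid]::NewGuid().ToString('N')

    $actionArgs = @{ Execute = $Path }
    if ($Arguments) { $actionArgs.Argument = $Arguments }
    $action = New-ScheduledTaskAction @actionArgs

    # Interactive: run in the logged-on user's session, no stored password.
    # Limited: run with the user's least-privilege (non-elevated) token.
    $user = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    $principal = New-ScheduledTaskPrincipal -UserId $user `
        -LogonType Interactive -RunLevel Limited

    # Default task settings refuse to start on battery power; lift that so an
    # on-demand start is not silently skipped on a laptop.
    $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries `
        -DontStopIfGoingOnBatteries

    Register-ScheduledTask -TaskName $taskName -Action $action `
        -Principal $principal -Settings $settings | Out-Null
    try {
        Start-ScheduledTask -TaskName $taskName
    }
    finally {
        # Always remove the task definition so no launcher is left behind.
        Unregister-ScheduledTask -TaskName $taskName -Confirm:$false
    }
}

# Check the result: the Mandatory Label line printed by whoami shows the
# integrity level of the launched process.
# Start-Unelevated -Path "$env:SystemRoot\System32\cmd.exe" -Arguments '/k whoami /groups'
```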

disavowed
November 16th, 2010, 10:32
Quote:
[Originally Posted by Maximus;88225]if i am admin-under-UAC and i get elevation, i have no chance to get back to not-elevated status using winapi

That's not true. You could use AdjustTokenPrivileges(...) for that.

Quote:
[Originally Posted by Maximus;88225]what i do not understand is why there's no RPC-wrapped stuff for executing another application as 'not elevated'

As I said above, you can use OpenProcessToken(...) + CreateRestrictedToken(...) + CreateProcessAsUser(...) to do this.

Maximus
November 16th, 2010, 10:58
http://msdn.microsoft.com/en-us/magazine/cc163486.aspx
Quote:

One word of caution: the UAC elevation prompt is only presented to the user when ShellExecute is called to create the process. ERROR_ELEVATION_REQUIRED is returned by any call to the CreateProcess family that requires elevation.


Are you REALLY sure about what you said?

disavowed
November 16th, 2010, 17:38
Yes, I was telling you how to launch a non-elevated process from an elevated process.