Calling methods in a win32 service with elevated privileges from an application

Question

I have developed a Win32 C/C++ application that creates dynamic WFP IP filters, however it must be run as admin to do so (due to the Windows security policy). I want to place the code that requires admin privileges in a service running with admin privileges and then call it from the application running as a normal user.

First is this the correct approach? And second, although I know how to create a service I cannot find any reference illustrating how to call methods in/send requests to a service.

Although I can probably cheat and play with the manifest, I don't mind extra work to do it correctly especially as the functionality will be reusable across applications.

Does anybody have any experience or pointers?

Answer 1

It is certainly the right approach to have a separate executable that has the privilege to perform the action you require, so that the main application can run in a restricted user account. As for sending requests to the service, there is nothing special about the fact it is running as a service. Just consider it to be a process that runs with the credentials of an admin user. So communicate with it in the same way you would in any other process-to-process situation, eg named pipes, network sockets, etc.