New AppDomain from MMC Snap-In does not get elevated privileges for UAC

Question

I've created an MMC snap in that launches code in a new appdomain and part of the code checks for a registry key. If I check for the key in the snap in process it works, but the code in the new appdomain throws a security exception. If I load the code in a new appdomain from a console or windows app, it works fine.

Here is the code:

public class SimpleMMCSnapIn : SnapIn  
{  
    public SimpleMMCSnapIn()
    {
        RegistryKey archerKey = Registry.LocalMachine.OpenSubKey("SOFTWARE\\Microsoft", true); //this call works

        Evidence baseEv = AppDomain.CurrentDomain.Evidence;
        Evidence newEv = new Evidence(baseEv);

        AppDomainSetup setup = new AppDomainSetup { ApplicationBase = "<pathtobin>" };

        AppDomain domain = AppDomain.CreateDomain("MigratorDomain", newEv, setup);
        domain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);

        IWork migrator = (IWork)domain.CreateInstanceAndUnwrap("CheckRegistry", "CheckRegistry.CheckRegistry");

        migrator.Work();
    }
}

[Serializable]  
public class CheckRegistry : MarshalByRefObject, IWork  
{  
    public void Work()  
    {  
        RegistryKey archerKey = Registry.LocalMachine.OpenSubKey("SOFTWARE\\Microsoft", true); //this call throws a security exception
    }  
}

Please note, if I load the code in a new appdomain from a console or windows app, it works fine. I think this is more of an MMC snap-in question than a UAC question.

Any insight would be much appreciated...

Thanks,

Brad

Answer 1

What do you see if you change your Work() method to do this?

WindowsPrincipal user = (WindowsPrincipal)Thread.CurrentPrincipal;
if ( user.IsInRole(WindowsBuiltInRole.Administrator) )
{
    MessageBox.Show(string.Format("{0} is an Administrator", user.Identity.Name));
}
else
{
    MessageBox.Show(string.Format("{0} is NOT an Administrator", user.Identity.Name));
}