Windows 7 UAC elevation

views:

291

answers:

Windows 7 UAC elevation

I have a single thread that I'd like to run as an administrator in my application. The rest of the application I can happily run as the default user level (asInvoker). Is this possible? I notice there is an "ImpersonateLoggedOnUser" function. Can I somehow use this to log the administrator on and then get the thread to impersonate that person?

It seems as though this ought to be something pretty trivial to do ... but there doesn't appear to be any obvious way to do it. Can anyone help me out?

Edit: So if I have to fire off a seperate process is there any way I can CreateProcess a new process and have it launch from a specific entry point. I can, of course use command line processing to do it, but i'd really rather I could stop the user from entering the command line and starting an unclosable process!

+2 A:

No, elevation is per process, not thread.

If the rest of the application has to run non-elevated, you could run yourself elevated with some parameter (myapp.exe /uac "ipcparamhere") and use some sort of Inter-process communication to communicate back to the "main instance" of your app. (If the elevated process only performs a simple operation, you could probably check for success by using the exit code of the process)

Anders 2010-04-23 13:49:44

Yeah its looking annoyingly likely that I will have to do something like this. I'll update my question, though ...

Goz 2010-04-23 14:44:28

+1 A:

This is not possible. You'll need to gain admin privileges by including a manifest in the app. Google "requireAdministrator" to find the manifest you'll need. Your user will probably quickly tire of doing this over and over again, your best bet is to spin-off the task that requires these privileges into a separate process. A service for example.

Hans Passant 2010-04-23 14:03:34

I am aware of this ... the problem arises that you can't then drag and drop from explorer (a user mode process) into my app (an administrator process). As such unless i can elevate a single thread then I will need to run a seperate process which will take a fair bit of re-architecting :(

Goz 2010-04-23 14:43:54

Well, the idea was to *not* make your app require admin rights. That solves the D+D problem.

Hans Passant 2010-04-23 16:32:34

And if thats NOT possible?

Goz 2010-04-23 17:45:29

You are still stuck in stage 1 of the five stages of grief. With some luck, you'll get to 5 within a week or so and can get started on making it work.

Hans Passant 2010-04-23 18:06:37

+1 A:

You can launch a separate exe and have a manifest on it saying it requires administrator. Then be sure to launch it with shell execute, which uses manifests, and you're all set. As a thoughtful touch, put a UAC shield on the button that kicks off that thread. (Send it a BCM_SETSHIELD message if you're doing this all by hand.)

You can decided whether you want a visible window or not on the separate process. Meanwhile the user can still drag and drop into the main app.

Kate Gregory 2010-04-23 17:39:36

ansaurus

tags:

views:

answers:

Windows 7 UAC elevation

related questions