tags:

views:

58

answers:

2
+3  Q: 

Server 2008 Cannot Set User Rights

I attempted to do some Win32 stuff in C# 3.5 to get elevated User Rights for a console app. I develop on Visual Studio 2008 SP1/GDR and things work fine when run under the debugger. Things also work fine when I run the console app stand-alone. Things also run fine when I package everything into an MSI and install it on a 2003 server and run the console app.

If I take the same MSI and install it on a 2008 server with UAC enabled, then run the console app, I get messages like this:

Unable to set right for the account "DOMAIN\QAUSER": SeCreateGlobalPrivilege
System.UnauthorizedAccessException    Attempted to perform an unauthorized operation.

I cannot expect my deployment/server admins to do anything with my app other than install it, and they are not going to turn off UAC. There must be some programmatic way to properly set user rights that I can add to the console app - anyone know how?

Thanks.

A: 

I assume that UAC is enabled on the 2008 machine and I cannot comment yet on your question to find out.

If so, ensure that in your app.manifest file in VS (under properties), change 

<requestedExecutionLevel  level="asInvoker" uiAccess="false" />

to

<requestedExecutionLevel  level="requireAdministrator" uiAccess="false" />

Even if the code is running as an administrator, you have to get by the UAC warning.

darkstar3d  2010-10-12 16:35:06
How does the VS setting affect what my deployed app does? I think there should be something that I can programatically set to do what might go in a VS configuration.
ScSub  2010-10-13 19:22:04
I doubt that your app after deployment will be able to change the way its run. If that is the case, any malicious app could set itself up and we would be back to the wild west days of XP. The VS setting is part of the UAC process and determines on build, what permissions an app needs. It must still be ran (I think) as an admin and after the setting change, you will see that the icon has the UAC shield on it.
darkstar3d  2010-10-14 02:55:06
+1  A: 

Probably you use "Global\" prefix to the object name in your application and your application will be started inside a Remote Desktop Session Host (RD Session Host) server session. In the case your program have to enable SE_CREATE_GLOBAL_NAME (SeCreateGlobalPrivilege) privilege. See C# – How to enable SeDebugPrivilege? (but use SE_CREATE_GLOBAL_NAME instead of SE_DEBUG_NAME) or Manipulate Privileges in Managed Code Reliably, Securely, and Efficiently as an example.

Oleg  2010-10-17 22:00:47

related questions

Starting/Stopping a service on Windows 2008 Server from the command line - access denied
MySQL 5 (32bits) on Windows 2008 server
Webdav windows server 2008 not allowing doc files to save
Access denied when creating a virtual directory via Web Deployment Project
Should I upgrade to Windows Server & Exchange 2008?
Programs don't work on Vista and Server 2008
.NET Remoting and Server 2008 (64 Bit)
Windows 2008 VPS hosting experiences
WebResource.asd giving 403 error in ASP.Net Post backs using IIS7
How do you Install a SSL Certificate
Windows Server 2008 SSTP VPN in a Non-Domain Environment?
How do you enable the network on a virtual machine running Vista x64?
How to optimize compiling a 32 bit application in Visual C++ 2005 on a 64 bit windows sever 2008
Is it possible, by any stable method, to enable ReadyBoost on Windows Server 2008?
Where do I enter the Windows Server 2008 key after installing it?
Windows Server 2008 Virtual Hosting?
Detecting if WinHelp is Installed on Vista or newer Windows
Windows Server 2008: COM error: 0x800706F7 - The stub received bad data
How can I change IE's homepage without opening IE?
Will this hardware be 64bit Windows Server 2008 compatible?
Remotely starting and stopping a service on a W2008 server
How can I prevent a server from becoming locked after a Remote Desktop session
Is it safe to install SVN on a production win2008 web server?
Windows 2008 Server as a developers desktop OS
Is Windows Server 2008 "Server Core" appropriate for a SQL Server instance?