I am writing a piece of software that needs to launch another program. On the network I am using I am not an administrator and command prompt is blocked.
Will Process.Start() still work?
Will Process.Start() still work?
I can't see how an admin can prevent one process from spawning a child process. It's an essential part of Windows.
For example:
Windows Explorer runs in the user account of the currently logged-in user. In Windows 7+, selecting any folder with the mouse and pressing ctrl+enter, causes a new Windows Explorer window to appear for the selected folder in a new process! You can verify this in Task Manager
If you can do that on your computer in the selected user account, so too should your application.
Blocking the command prompt will not stop Process.Start() from working.
How ever if an administrator has gone to the trouble to block the command prompt they may have implemented a group policy to only allow certain programs to be run.
See this link for details http://www.nextofwindows.com/how-to-use-local-group-policy-whitelist-certain-programs-in-windows-7
You may not be able to start any programs that are not on this "whitelist".
The easiest way to find out is to just try it yourself, but if you are able to run your own custom program that calls Process.Start(), the fact that your program runs, probably means the administrator has not set up such group policy.
Related
Background
My application (.NET, C#) performs an in-app upgrade. Depending on installation configuration, the upgrade may need to launch a separate process that requires Administrator privileges. The launched program's manifest specifies that it requires Administrator privileges.
This normally works fine, but if UAC is disabled, and the user is not an admin, then it fails miserably. See below.
Scenarios
UAC is enabled, and the user is an admin - Windows prompts for elevation, and the program executes successfully.
UAC is enabled, and the user is not an admin - Windows prompts for credentials, and the program executes successfully.
UAC is disabled, and the user is an admin - No prompts, the program executes successfully.
UAC is disabled, and the user is not an admin - No prompts, the program starts but fails miserably.
This fourth scenario is the one that I want to solve. I have a rather large customer company that has a policy of turning off UAC on all corporate PCs, for whatever reason.
Mitigation
The simplest solution is to detect this fourth scenario and give the user guidance. I have no problem detecting when this fourth scenario is in effect, and I can then open up an Explorer window to a directory containing the program to execute, and a text file that walks the user through the process of Shift-Right-Click -> "Run as different user".
Desired solution
If I detect that I am in this fourth scenario, then I perform some coding magic to automatically start the process from my application AS IF the user had manually opted to "Run as different user".
I don't know how to implement this solution. I tried to set ProcessStartInfo.Verb = "runas", as I have seen suggested, but that doesn't seem to do anything useful in the absence of UAC. Any ideas?
The correct verb for this case would be
ProcessStartInfo.Verb = "runasuser"
It works well to trigger the "run as different user" authentication dialog for another process.
One possible downside I found was that you will not get a proper process object returned, so you get no handle for that new process. Also it is not really possible to restart your own application with this method as the authentication dialog is running as a thread of the spawning application and only after authentication is a new process created. So if you want to "restart" your application a launcher or some other trick would probably be needed.
I have a single form application which checks user states continuously via timer. I want to start the same .exe by using process.start("C:\inetpub\wwwroot\mywebapp\Checker\checker.exe") in Web Application. The exe appears in System processes list (not appear in application list in Windows Task Manager) after the code executed but it does nothing. It is not changing the user states nor sending Data to Database. But when I start same .exe manually on double clicking, it start working and it also appears in Windows Task Manager Application list and in Process Lists. The .exe is made with C#.Net and is executed file of C# windows application.
When launched by IIS the process will run under the account that started it, which will be the w3wp processes that is running your web application. Because this isn't your account it won't show up in task manager until you select the "show processes from all users" option. When you run it via a double click it is running under your account, so will be visible.
If the changes and database access rely on using your account to gain access then this wont work when it runs from within IIS. For example, if your database connection is done using "Windows Authentication" then it will try to log in as the IIS account, which is unlikely to work.
To fix this you can launch the processes by specifying a username/password in the ProcessStartInfo structure. However, this will require you to embed your password somewhere, which may not be desirable. Alternativly look at changing the database connection string so that you specify the logon credentials explicitly.
I have a WPF application that I would like to be launched anytime the computer starts NOT when a user logs in. I know I can place the .exe in the startup folder, but I don't want that since a user has to login for that to be launched. I cannot use a Windows service, it's not an option for me.
Is there a way to start up an application once the PC starts up(or reboots), even before a user logs in? Any help is much appreciated.
You can't run an application without a user login. The only thing you can run is a Service, which I'm guessing from your question being about WPF that this is not what you want.
How about using the Task Scheduler? In Windows 7, there's a "Security options" section where you can set an option for a task to run whether a user is logged on or not. You can specify an executable file, and it'll start when Windows starts up.
(This won't scale though, if you're looking for an option when a user installs your software. For that, a service is the correct way to go... you may need to elaborate in your question why exactly you can't use a service.)
I have a C# application that needs to run with administrative permissions. In particular, it loads at Windows 7 start-up and executes a few scripts in the background. This process is fully invisible to the user and is covered up with a background when executing. The permissions implementation is via a manifest file. Now, the problem is that I need to automate the step where UAC prompt comes up, and invisibly accept it.
How would something like that be done in C#?
I think what you have to do is impersonate a user with administrator privileges.
Try this: http://msdn.microsoft.com/en-us/library/chf6fbt4.aspx
I have had success with this method before, give it a shot!
I have one major problem with my app. I have an app & updater as a separate exe files. When an update is available, updater does the update, and on process completion it starts my app. The main problem is - app is installed in program files folder, so updater need UAC admin privileges, and that's ok, but when I need to run my app updater needs to run it as a normal user, because if it's run as an administrator drag and drop doesn't work (not an app problem, UAC blocks it). I've tried several different solutions, and even this one:
How to run NOT elevated in Vista (.NET)
It haven't helped me - my app is run as an administrator.
You'd better avoid starting a non-elevated process from an elevated one. It's tricky part and error-prone.
This approach is better:
Your updater initially starts as non-elevated application, and its manifest has asInvoker level.
When it starts, it restarts itself with elevated privileges using runas verb, and passes a command-line parameter to indicate it. This instance performs the update and returns.
Here comes the non-elevated updater again, and starts your application with the same non-elevated user token that started the first instance of updater in step 1.
Pretty simple and robust.
Look at this post on how to Enable Drag and Drop for an Elevated process. Even though it says MFC app you can cll those Windows API in Any app I suppose
https://helgeklein.com/blog/2010/03/how-to-enable-drag-and-drop-for-an-elevated-mfc-application-on-vistawindows-7/