I am creating a software that require run as administrator when run, most client already aware of it and running it without problems. However this software require to run another software using Process.Start call it SoftwareB. When running SoftwareB, softwareB also require elevated privileges. How do I run softwareB without asking the client for UAC again, because the softwareB should be running in background and the software might be running it when user is not attending the PC.
If you call Process.Start from elevated process, then new process will be elevated as well.
Related
Currently i'm busy creating an application for an Siemens IPC. No problems with the application itself, but some difficulties with elevating the application to "Administator"
We need to have administrator rights to set PC date time, and we use a manifest to elevate the application to administrator.
No problems so far :)
But my problem lies in the fact the "normal" use is an operator which has limited access on the UAC, so i need to provide my administrator credentials to succesfully elevate the application.
I need this to happen automatically at startup, but the windows system does not allow me to use a startup schedular task of windows to run the program with the correct credentials.
Is there any other way to achive to run the application with administrator rights, without having to fill in the UAC credentials?
Thanks in advance!
I am writing a piece of software that needs to launch another program. On the network I am using I am not an administrator and command prompt is blocked.
Will Process.Start() still work?
Will Process.Start() still work?
I can't see how an admin can prevent one process from spawning a child process. It's an essential part of Windows.
For example:
Windows Explorer runs in the user account of the currently logged-in user. In Windows 7+, selecting any folder with the mouse and pressing ctrl+enter, causes a new Windows Explorer window to appear for the selected folder in a new process! You can verify this in Task Manager
If you can do that on your computer in the selected user account, so too should your application.
Blocking the command prompt will not stop Process.Start() from working.
How ever if an administrator has gone to the trouble to block the command prompt they may have implemented a group policy to only allow certain programs to be run.
See this link for details http://www.nextofwindows.com/how-to-use-local-group-policy-whitelist-certain-programs-in-windows-7
You may not be able to start any programs that are not on this "whitelist".
The easiest way to find out is to just try it yourself, but if you are able to run your own custom program that calls Process.Start(), the fact that your program runs, probably means the administrator has not set up such group policy.
I have a very critical process that will run on the background in my winform application.
How can I prevent the user to end my winform application process?
I want to prevent the user to:
end the process from the Task Manager
shutdown the computer before the process of my application end
any other software-related method to kill a process (of course I cannot prevent the user from pressing the power button of his CPU)
My code is in C#, framework 4, build in VS2010 Pro.
Thanks in advance.
Stating your 'absolute' need to keep this process running, I really suggest to separate the critical part of your process from your winforms application and to move this part away from the user machine to a company server.
On this server write a service which keeps your vital work alive and running all the time you like.
These kind of 'absolute' requirements could be enforced only on server machines with redundancy disks, ups units and, (especially), informed sysadmins.
It's basically impossible to stop users from killing processes (you can even kill explorer.exe which is the shell for windows).
So it's recommended that you write your applications in such a way that they are resilient to user action or crashing. In your case it would be wise to have resumable operations in that process.
You can't absolutely ensure these things, but you can get some of what you want by:
1) Run only on Vista or later versions of Windows that assign security levels to processes
2) Run your process as administrator so it is the highest security level.
3) Make sure UAC (User Account Control) is turned on.
4) Turn off access to task manager for the logged in user account (via group policy)
5) Provide no way for the logged in user to elevate to admin, so that he can't run anything that has the privileges to stop your process.
6) Use a Shutdown script to check for your process running and prevent shutdown.
I have one major problem with my app. I have an app & updater as a separate exe files. When an update is available, updater does the update, and on process completion it starts my app. The main problem is - app is installed in program files folder, so updater need UAC admin privileges, and that's ok, but when I need to run my app updater needs to run it as a normal user, because if it's run as an administrator drag and drop doesn't work (not an app problem, UAC blocks it). I've tried several different solutions, and even this one:
How to run NOT elevated in Vista (.NET)
It haven't helped me - my app is run as an administrator.
You'd better avoid starting a non-elevated process from an elevated one. It's tricky part and error-prone.
This approach is better:
Your updater initially starts as non-elevated application, and its manifest has asInvoker level.
When it starts, it restarts itself with elevated privileges using runas verb, and passes a command-line parameter to indicate it. This instance performs the update and returns.
Here comes the non-elevated updater again, and starts your application with the same non-elevated user token that started the first instance of updater in step 1.
Pretty simple and robust.
Look at this post on how to Enable Drag and Drop for an Elevated process. Even though it says MFC app you can cll those Windows API in Any app I suppose
https://helgeklein.com/blog/2010/03/how-to-enable-drag-and-drop-for-an-elevated-mfc-application-on-vistawindows-7/
We have just discovered that code that calls the Win32 SetDateTime function needs to run in elevated mode in Windows 7, i.e. even when logged in as an administrator, one still has to choose to run the Set Date code as Administrator for the call to change the date.
Is there anything I can do in code to always call this function under elevated privileges?
You can use the ShellExecute API call to launch an executable with elevated privileges.
However, if UAC (user access control) is enabled on the machine, the user will still get the UAC prompt asking for permissions to run elevated.
So I don't think you can avoid the prompt for elevation permission, but at least your user doesn't have to manually run the program as an admin.
Please let me know if you need help in how to launch an executable as an admin.
This is just not how security works. Changing the clock is a very intrusive operation, it has a very large number of side effects. There is no mechanism in Windows, or any other operating system for that matter, where you could start a process with limited privileges and then just arbitrarily bypass these limitations and suddenly gain administrator rights. There wouldn't be any point whatsoever to running programs with limited privileges if that was possible.
If you want to do something like this then you'll have to run your program with elevated rights. On Vista and Win7 that requires you to run as a service or a scheduled task. Which require an administrator to get installed. UAC provides a way gain admin rights for regular programs, you have to include a manifest in your program so the user is notified about your privilege elevation. Google 'requireadministrator', take the first hit.
Like others have said, you need to spawn a new process to get elevated permissions, which will result in a UAC dialog.
If this is something you need to run unattended you could try running as a service. That would give you the elevated context you need.