2

I am currently just calling my own program in a new process with:

MyProcessStartInfo.Verb = "runas";
MyProcessStartInfo.Arguments = "MyFlag";

And when the process starts I check for the flag. If it's there – I just execute the method and Close();

But I would rather do something more minimalistic if it could be done simply. Is that possible?

EDIT: Using Vista and Windows7.

ispiro
  • 26,556
  • 38
  • 136
  • 291

3 Answers3

2

You can not elevate a running process. It's simply not possible. You are doing it the correct way, by spawning another process with elevated priviledges. There is no other way.

Thanks. but I was thinking maybe there is a way to start a method as a new process.

You could create a separate application executable that has your method in it, then you would not need to restart your application. You would only need to start that other process.

caesay
  • 16,932
  • 15
  • 95
  • 160
  • Thanks. But I was thinking maybe there is a way to start a method as a new process. – ispiro May 14 '12 at 16:36
  • An app with privilige X spawnning another app with privilige X+1 will not be accomplished in windows 7 and above. it will still be running in privilige X (not X+1). unless things has changed since I last attempted that 6 months ago. – G.Y May 14 '12 at 16:52
1

It isn't minimalistic, but you can use this property I crafted from sources on the net. Some of these calls are pInvoke's. So google 'pinvoke method' to find them.

public static bool IsRunAsAdministrator
{
    get
    {
        WindowsIdentity windowsIdentity = WindowsIdentity.GetCurrent();
        if (windowsIdentity.IsSystem) return true;

        WindowsPrincipal windowsPrincipal = new WindowsPrincipal(windowsIdentity);
        if (windowsPrincipal.IsInRole(WindowsBuiltInRole.Administrator))
            return true;

        //Vista or higher check
        if (Environment.OSVersion.Version.Major >= 6)
        {
            IntPtr hToken = IntPtr.Zero;
            try
            {
                if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, out hToken))
                    Win32.ThrowLastError();

                TOKEN_ELEVATION_TYPE elevationType;
                IntPtr pElevationType = Marshal.AllocHGlobal(sizeof(TOKEN_ELEVATION_TYPE));
                uint dwSize;

                if (!GetTokenInformation(
                    hToken,
                    TOKEN_INFORMATION_CLASS.TokenElevationType,
                    pElevationType,
                    sizeof(TOKEN_ELEVATION_TYPE),
                    out dwSize
                    ))
                    Win32.ThrowLastError();

                elevationType = (TOKEN_ELEVATION_TYPE)Marshal.ReadInt32(pElevationType);
                Marshal.FreeHGlobal(pElevationType);

                return elevationType == TOKEN_ELEVATION_TYPE.TokenElevationTypeFull;
            }
            finally
            {
                CloseHandle(hToken);
            }
        }
        else
            return true;
    }
}
Chuck Savage
  • 11,775
  • 6
  • 49
  • 69
  • Thanks for your input, but I think I'll stick to simple managed code. – ispiro May 14 '12 at 16:38
  • 1
    If you find something simple, please share. I'd love for something that worked in every case on every operating system. – Chuck Savage May 14 '12 at 16:40
  • +1. for way to check for privileges. @inspiro make sure to keep check for flag in place - if you just try to perform operation when your code have enough privileges it may unexpectedly perform operation when run on machine with UAC turned off. – Alexei Levenkov May 14 '12 at 16:54
  • @AlexeiLevenkov I don't quite understand what you meant. – ispiro May 14 '12 at 19:15
  • @ispiro, I.e. you special operation is "delete important file" and your program always performs it as soon as it finds it has enough permissions (rather than checking if "/deleteImportantFile" option is specified) than simple fact of launching the program may (in case of UAC turned off for the admin account) trigger deletion of the file. – Alexei Levenkov May 14 '12 at 19:55
0

You may use use Windows API LogonUser and then impersonate another user to run a piece of code as that user. There is a limitation though. When UAC is enabled LogonUser will give you restricted user token which means impersonated user (even administrator) will never get more rights than you already have. This restriction does not apply to non-interactive sessions (Windows services).

Here is the documentation on how to impersonate in a code. Also, you may find this SO question/answer interesting.

Community
  • 1
  • 1
Maciej
  • 7,871
  • 1
  • 31
  • 36