Reputation: 3343
Run an application as Administrator with predefined username and password
In my application I have some Save methods that store data on user's hard disk. How could it be possible to prevent the user from getting access, change or delete that files as soon as the application can still access, change and delete that files?
The possible solution is running the application As Administrator on a limited user who don't have access to the save folder but with a predefined Username and Password of the system administrator which stored in application.
I've read other topics to work with UAC, Application Manifest.
As I mentioned in Title Is it possible to run a program as administrator without user interaction?
EDIT 1: I'm looking for a solution that works on all version of windows(XP, Vista and Seven)
Upvotes: 2
Views: 2084
Answers (2)
Reputation: 3343
@HarryJohnston said in comments:
"To do what you're asking for, write a launcher application that uses CreateProcessWithLogonW (with a known admin username and password) to start the real application. Be warned that a competent user will be able to extract the admin credentials and log on as the administrator. Ben's answer (a split application) is the proper approach."
And it's my selected answer.
Upvotes: 0
Reputation: 35643
I assume you have investigated the capabilities of ACLs and you cannot make them meet your needs. For example you can set an ACL which allows any user to create a file, any user to modify or delete a file they created, but not modify or delete other user's files.
The correct way to solve this problem is to have the applicaton split into two parts. One is running as a windows Service, Activate-As-Configured-User DCOM server or other elevated process, the other is running as the dumb-old-user.
When the client application wishes to carry out an action which requires elevation, it passes the request to the elevated half of the application. This will perform any security checks, application logic checks, etc, which are required, then carry out the action.
In this way you can prevent the user going in though the back door and messing up your application data. However it doesn't really help with them messing up the data through the FRONT door.
Upvotes: 4
Related Questions
- Running Program as Administrator at Startup
- Run a program as user identity but with elevated privileges
- How to make a program Run as Administrator Automatically
- Launch an app on Windows startup that requires administrator privileges
- Need to run as administrator in C# App
- How to start a program requiring admin rights as an admin user from a nonadmin account
- C#: Start process as the "real" administrator with hard coded privileges
- Win C#: Run app as administrator without UAC prompt
- How to launch an application with admin rights
- Run .NET application as administrator