Reputation: 4153
Starting process as different user
I hope someone can help me with this! I have a similar problem as decribed in: Impersonate standard user
I want to be able to create a process as standard user from application that runs with elevated admin privileges ( UAC Execution level: requireAdministrator ). The user starts the application by borrowing privileges from one of the administrator accounts.
I have succeeded in acquiring a handle to explorer.exe process of this user and it is stored in variable m_hExplorerProc. After that I proceed as follows:
HANDLE hProcToken = NULL;
BOOL success = OpenProcessToken(m_hExplorerProc, TOKEN_QUERY | TOKEN_DUPLICATE | TOKEN_IMPERSONATE | TOKEN_ASSIGN_PRIMARY | TOKEN_ADJUST_PRIVILEGES, &hProcToken);
BOOL lookupRet = LookupPrivilegeValue(NULL, SE_ASSIGNPRIMARYTOKEN_NAME,
&(tokenPrivs.Privileges[0].Luid));
tokenPrivs.PrivilegeCount = 1;
tokenPrivs.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
BOOL adjustRet = AdjustTokenPrivileges(hProcToken, FALSE, &tokenPrivs, 0, NULL, NULL);
lookupRet = LookupPrivilegeValue(NULL, SE_INCREASE_QUOTA_NAME, &(tokenPrivs.Privileges[0].Luid));
tokenPrivs.PrivilegeCount = 1;
tokenPrivs.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
adjustRet = AdjustTokenPrivileges(hProcToken, FALSE, &tokenPrivs, 0, NULL, NULL);
HANDLE hDuplicatedToken = NULL;
success = DuplicateTokenEx(hProcToken,
TOKEN_QUERY | TOKEN_DUPLICATE | TOKEN_IMPERSONATE | TOKEN_ASSIGN_PRIMARY | TOKEN_ADJUST_PRIVILEGES,
NULL,
SECURITY_IMPERSONATION_LEVEL::SecurityImpersonation,
TOKEN_TYPE::TokenPrimary,
&hDuplicatedToken);
int err = 0;
if(FALSE == success)
err = GetLastError();
LPCTSTR appName = L"C:\\testapp.exe";
PROCESS_INFORMATION procInfo;
ZeroMemory(&procInfo, sizeof(procInfo));
STARTUPINFO startupInfo;
ZeroMemory(&startupInfo, sizeof(startupInfo));
startupInfo.cb = sizeof(startupInfo);
startupInfo.wShowWindow = SW_NORMAL;
startupInfo.dwFlags = STARTF_USESHOWWINDOW;
success = CreateProcessAsUser(hDuplicatedToken, appName, NULL, NULL, NULL, FALSE,
NORMAL_PRIORITY_CLASS | CREATE_DEFAULT_ERROR_MODE,
NULL, L"C:\\", &startupInfo, &procInfo);
if(FALSE == success)
err = GetLastError();
The process is not created and last error is 1314 which translates to: "A required privilege is not held by the client".
In this code I am just trying to execute a dummy app but I eventually want to run browser which was selected as default by this user. Does someone have an idea what am I doing wrong, or perhaps suggest an alternate solution to my problem?
Upvotes: 0
Views: 2382
Answers (2)
Reputation: 807
I know this question is very old, but I would like to add something useful (I think). If you want to use CreateProcessAsUser you need privileges, which can be obtained by impersonating a powerful token. See this answer for detail.
Upvotes: 1
Reputation: 4153
I know it's not cool to answer your own question but three month have passed and still no one suggested an answer.
I have not been able so solve the problem described above using function CreateProcessAsUser but I have stumbled upon an alternate method using ShellExecute from IShellDispatch2 interface which enables you to start a program as current interactive user. Complete code can be found at: https://code.google.com/p/mulder/source/browse/trunk/Utils/nsis_stdutils/Contrib/StdUtils/ShellExecAsUser.cpp?r=327
I hope this helps someone with a similar problem!
Upvotes: 1
Related Questions
- Win32 API : User Impersonation technique to run a process as some other user?
- How do start a process as a normal user?
- Running program as another user
- Windows: Call a process for a user
- How to launch applications inside a logged in user from another logged in user?
- Invoking the application as system user(Windows)
- How to start a process under current User?
- Switch Existing Process To Another User Using .Net/C# or WinAPI?
- How to run a process as an administrator from Win32 \C++
- open process as different user