Reputation: 3630
Explicit ShellExecute without elevated rights
ShellExecute has a parameter that allows to request a UAC permission to run a process with elevated rights: runas
Launches an application as Administrator. User Account Control (UAC) will prompt the user for consent to run the application elevated or enter the credentials of an administrator account used to run the application.
But is it possible to do the contrary?
I have an application that is run with elevated rights by default and there are urls which user can open. But if I use ShellExecute, a default browser will be opened. Some malware can be registered as a default browser.
using CreateProcessAsUser to launch a url - this question seems to be on the same problem. It generally indicates, that CreateProcessAsUser can't be used to open a URL by itself.
Upvotes: 1
Views: 587
Answers (1)
Reputation: 490018
My personal inclination would be to call FindExecutable or AssocQueryString, then use CreateProcessAsUser to open the browser with the un-elevated account/credentials.
This is a little more work than using ShellExecute, but not a whole lot--and it makes your intent 100% clear and explicit.
Using COM from C++ is enough work that it's almost certainly more work to use IShellDispatch2, and (at least to me) that seems likely to do quite a bit more to hide the real intent of the code.
Upvotes: 1
Related Questions
- Shell Execute From Explorer
- shellexecute with administrator privileges doesn't end
- Is it possible for the executable to ask for Administrator rights? (Windows 7)
- c++ createprocess as administrator and get its output
- Setting Admin privileges for an Application
- Elevating process via ShellExecuteInfo - Infinite shells?
- ShellExecute get access to open folder
- How to run a process as an administrator from Win32 \C++
- ShellExecuteEx + runas + file access permissions
- Waiting for ShellExecuteEx (Setting access rights on Windows process)