20

Is it possible for a C++ application running on Windows to drop privileges at runtime?

For instance, if a user starts my application as Administrator, but there's no reason to run my application as administrator, can I in some way give up the Administrator-privileges?

In short, I would like to write code in the main() function which drops privileges I don't need (for instance, Write access on the Windows directory).

Kate Gregory
Nitramk

1 Answer

18

Yes, you can use AdjustTokenPrivileges to remove unneeded and dangerous privileges from your token. You can either disable a privilege if it is not immediately needed (the privilege can be enabled later) or remove a privilege from your token altogether.

You can also create a restricted token via CreateRestrictedToken and relaunch your application running with that restricted token. CreateRestrictedToken can be used to disable privileges and remove groups (like Administrators Group) from a token.

You may be able to use AdjustTokenGroups to remove the administrator group from the token of your running process, but I've never tried this on an already running process.

Note that write-access to the Windows directory is not covered by a privilege. Resources in the system have ACLs which govern who has access. System and administrators have write-access to the Windows directory.

Michael
  • Do you know which WinAPI calls are usually affected by the token? I've just noticed that if I use `AdjustTokenPrivileges()` to drop all token privileges by setting the value of `DisableAllPrivileges` to `TRUE`, it does not "apply" to all APIs I call. For instance, if I drop all privileges and then call the standard Windows dialog for opening files, I can still right-click in the dialog window and choose "run as administrator" and it will open the chosen file with admin rights. Does the access token have effect only on certain APIs? – Daniel May 14 '18 at 09:07
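
The AdjustTokenPrivileges approach from the answer, as an added example that is not code from the original posts: it removes (rather than merely disables) every privilege on the process token that is not in a keep-list. The function names `privilegesToRemove` and `dropPrivileges` and the keep-list design are assumptions made for this illustration; the Win32 part is guarded by `_WIN32`.

```cpp
#include <cwctype>
#include <string>
#include <vector>

// Pure selection step: held privileges minus the keep-list (names compared case-insensitively).
std::vector<std::wstring> privilegesToRemove(const std::vector<std::wstring>& held,
                                             const std::vector<std::wstring>& keep) {
    auto lower = [](std::wstring s) {
        for (auto& c : s) c = static_cast<wchar_t>(std::towlower(c));
        return s;
    };
    std::vector<std::wstring> out;
    for (const auto& h : held) {
        bool kept = false;
        for (const auto& k : keep) kept = kept || lower(k) == lower(h);
        if (!kept) out.push_back(h);
    }
    return out;
}

#ifdef _WIN32
#include <windows.h>
// Permanently strips every privilege not named in `keep` from the current process token.
bool dropPrivileges(const std::vector<std::wstring>& keep) {
    HANDLE tok = nullptr;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES, &tok))
        return false;
    DWORD len = 0;
    GetTokenInformation(tok, TokenPrivileges, nullptr, 0, &len);  // first call only asks for the size
    std::vector<BYTE> buf(len);
    bool ok = GetTokenInformation(tok, TokenPrivileges, buf.data(), len, &len) != 0;
    auto* tp = reinterpret_cast<TOKEN_PRIVILEGES*>(buf.data());
    std::vector<std::wstring> held;
    for (DWORD i = 0; ok && i < tp->PrivilegeCount; ++i) {
        wchar_t name[128]; DWORD n = 128;
        if (LookupPrivilegeNameW(nullptr, &tp->Privileges[i].Luid, name, &n)) held.push_back(name);
    }
    for (const auto& p : privilegesToRemove(held, keep)) {
        TOKEN_PRIVILEGES one{};
        one.PrivilegeCount = 1;
        one.Privileges[0].Attributes = SE_PRIVILEGE_REMOVED;  // removed, cannot be re-enabled later
        ok = ok && LookupPrivilegeValueW(nullptr, p.c_str(), &one.Privileges[0].Luid)
                && AdjustTokenPrivileges(tok, FALSE, &one, 0, nullptr, nullptr)
                && GetLastError() == ERROR_SUCCESS;  // the call can succeed without adjusting everything
    }
    CloseHandle(tok);
    return ok;
}
#endif
```

Calling `dropPrivileges({L"SeChangeNotifyPrivilege"})` early in `main()` leaves only that privilege. As the answer notes, this does not change group membership, so ACL-based access such as writing to the Windows directory is unaffected.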