1

I have an applicaction which is running with administrative privileges. Privileges are escalated automatically using application manifest.

  <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
    <requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
  </requestedPrivileges>

From this app I have to execute some code as a user who started the app, but without elevation. How can I achieve it?

TOP KEK
  • 2,593
  • 5
  • 36
  • 62
  • 1
    You would have to implement a method [to impersonate the current user](http://stackoverflow.com/a/7250145/1250033). – rae1 Jan 29 '14 at 14:17
  • Impersonation will work, but it may be cleaner to rearchitecture so that the application launches without elevation, creating an elevated copy of itself to perform the admin taks. (If nothing else, this means that the parent process can pass its PID to the child process on the command line, saving you from trying to figure out which process to impersonate.) – Harry Johnston Jan 30 '14 at 01:02

1 Answers1

2

You can use impersonation to achieve the desired results. In order to impersonate the current user without a password you need to find another process that the user has ran and get the token from that. Explorer is good for that. Here is full sample code.

krowe
  • 2,129
  • 17
  • 19
  • Impersonation requires user password, right? Can I do it without prompting user for password everytime? – TOP KEK Jan 29 '14 at 14:27