0

I am working on an application (Windows XP and 7 - don't ask! ;) ) for the taskbar notification area. It is being started form user and admin accounts and usually does not need an elevated permission, I also don't want to bother every user with an UAC Dialog when the application is started.

Now I would like to integrate one call (write to the registry, HKLM) requiring elevated permissions and I wonder about the best strategy to implement this (in this case, in Delphi) for Windows 7+?

I have seen programs calling themselves with elevated permission and a parameter (Delphi: Prompt for UAC elevation when needed) - but is there any better way to do it?

Community
  • 1
  • 1
LeRookie
  • 311
  • 3
  • 12

1 Answers1

2

You can only elevate a process when the process is created. So that means you need to create a new process for this task.

When you need to perform elevated tasks, start a new process by calling ShellExecuteEx with the runas verb. Specify the tasks to be performed in the process command line.

If you can do this task at install time that is probably preferable.

David Heffernan
  • 601,492
  • 42
  • 1,072
  • 1,490
  • 2
    This is one way to do it, and frankly it is the simplest way, but it is not the only way. Another way is to implement the desired admin tasks inside a COM object that the main app can then instantiate when needed using the [COM Elevation Moniker](https://msdn.microsoft.com/en-us/library/windows/desktop/ms679687.aspx). This way, you don't have to spawn a separate process. – Remy Lebeau Jan 30 '16 at 21:22
  • 1
    @Remy You do indeed spawn another process. The COM server runs in a separate process. – David Heffernan Jan 30 '16 at 22:18
  • OK, let me re-phase then: "This way, you don't need to *explicitly and manually* spawn a separate process. The main app can use and communicate with the COM object as it would any other COM object." – Remy Lebeau Jan 31 '16 at 00:42