3

I have an application developed in vb.net which needs administrator privileges. I have set level = "requireAdministrator" in the application manifest. My client wants this application to be run by a local user due to some restrictions in their organization. So I created another ‘Launcher’ application which will actually save an administrator credentials in an encrypted format and will use the saved credentials to run the ‘Original’ application.

Everything works fine if I’m using the ‘Administrator’ account (Built-in account). But if I’m using the credentials of the manually created administrator account – the process.start () line is throwing an error “The requested operation requires elevation” I really couldn’t identify the difference between the built-in administrator and manually created administrator account. I confirmed that both the users (built-in and manually created) are members of Administrators and HomeUsers. I tried all possibilities by creating different users with different user groups and even with different OS (windows 7 and Windows 10 – both 32 and 64 bit versions) – but, all are working in the same manner as explained above. Is there anything that I have to change in my code? 

     Dim psi As New System.Diagnostics.ProcessStartInfo()
        psi.FileName = (AppToStart)
        psi.RedirectStandardError = True
        psi.RedirectStandardOutput = True
        psi.CreateNoWindow = True
        psi.UseShellExecute = False
        psi.UserName = TbUser.Text
        psi.Password = ConvertToSecureString(TbPass.Text)
        psi.Domain = ""
        Dim p As Process = Process.Start(psi)

Additional Info: Here I'm running this 'Launcher' application as a standard user (not administrator) and the application works well and it really elevates the privileges if

TbUser.Text = “Administrator” and TbPass.Text = 123 (Administrator password).

But this is not elevating privileges if

TbUser.Text = “Adminuser” (which is also an administrator belongs to the same ‘Administrators’ group) and TbPass.Text = 321 (password for Adminuser).

MaliCMT
  • 31
  • 3
  • 2
    Possible duplicate of [Elevating privileges doesn't work with UseShellExecute=false](http://stackoverflow.com/questions/3596259/elevating-privileges-doesnt-work-with-useshellexecute-false) – GSerg May 02 '16 at 18:59

1 Answers1

1

Unfortunately you can't do this and here is why...

Basically verb isn't recognized when psi.UseShellExecute = False, this would need to be psi.UseShellExecute = True. You are doing this while trying to use runas as an elevated permission.

In your situation, you would not use the verb = runas, make sure the application has already been started with the correct permissions.

Please see more here about elevating privileges, Hans Passant say's it best...

Community
  • 1
  • 1
Trevor
  • 7,777
  • 6
  • 31
  • 50
  • @MaliCMT : In addition to this, you could create a background application which you start with elevated privileges. Your background app in turn will then start the process you want with the redirected output and then backgound app will close itself. Now you just have to find the right process by retrieving the ID from the background app, or just by searching for it by name. – Visual Vincent May 02 '16 at 19:53
  • @zaggler : You are right. In fact I put the .verb = "runas" as part of testing different possibilities and forgot to remove it from the code while posting. I have removed the line. Thank you for your feedback. Unfortunately your answer didn't answer my question. I have made my question little more clear. – MaliCMT May 02 '16 at 20:12