2

I have a problem with this situation: I made 2 programs:

The first one just print an output saying that was launched with admin provileges or not, and the second one, execute the first program with admin privileges and without use the UAC. The trouble is that the second program can't launch the first with admin privileges i don't know why. This is my code:

Code of the first program:

// This only prints if you start as administrator or not.
bool isElevated;
WindowsIdentity identity = WindowsIdentity.GetCurrent();
WindowsPrincipal principal = new WindowsPrincipal(identity);
isElevated = principal.IsInRole(WindowsBuiltInRole.Administrator);
Console.WriteLine("I got admin privileges?: "+isElevated);

Code of the second program:

// This execute the first program with admin privileges without UAC
string username = "myuser";
SecureString userpass = new SecureString();
userpass.AppendChar('m');
userpass.AppendChar('y');
userpass.AppendChar('p');
userpass.AppendChar('a');
userpass.AppendChar('s');
userpass.AppendChar('s');

Process program = new Process();
program.StartInfo.UserName = username;
program.StartInfo.Password = userpass;
program.StartInfo.FileName = "Path/First_program.exe";
program.StartInfo.UseShellExecute = false;
program.Start();

PD: I don't want the user to open the UAC, thats why i already insert the username and the password. Thanks in advance.

suffuko
  • 143
  • 1
  • 2
  • 12
  • To my knowledge, you can't circumvent the UAC that way. If the running program doesn't have admin privs then the called program needs to request admin privileges which will trigger the UAC. – itsme86 Mar 14 '17 at 21:01
  • Have you tried making the password `SecureString` read-only? – Ben Voigt Mar 14 '17 at 21:06
  • @BenVoigt , "SecureString" is working fine, because when i write a wrong password it throws me an exception. – suffuko Mar 14 '17 at 21:14
  • 2
    The problem is that `Process.Start()` uses `CreateProcessWithLogonW` which [filters the user token](http://stackoverflow.com/a/21718198/886887). I'm not aware of any good workaround, perhaps using a scheduled task? Failing that, your best bet is probably to install a system service to launch the child on your behalf. (With due care for the security considerations, of course.) Better still, rearchitecture so that you no longer need to do this. You shouldn't have admin credentials sitting inside an executable anyway. – Harry Johnston Mar 14 '17 at 21:28
  • @HarryJohnston: That answer of yours you linked to appears to have a solution (the LOGON32_LOGON_BATCH flag), does it not? – Ben Voigt Mar 14 '17 at 23:03
  • @BenVoigt, you need admin privilege to create a new process using the token. Not sure if there's any way around that. – Harry Johnston Mar 15 '17 at 00:26

1 Answers1

3

You have half of the answer. The other half is that the program must request to be executed with elevated privileges. By default, Windows programs run in a "Basic" trust level, regardless of the true level of permissions possible under the user. To gain access to administrative powers, the program must request elevation, which by definition will involve UAC.

Programs like yours can request elevation using the runas verb in the ProcessStartInfo, or by specifying requireAdministrator elevated permissions in the manifest of either application (assuming you control them). Either way, if UAC is enabled, the user will get a prompt.

The only way to circumvent this is to set up the program that would otherwise require elevated permissions as a Windows service, configured in services.msc to run with administrative permissions. You'll get one UAC prompt when installing/registering the service to run in this way, and from then on the service can perform that task without any further UAC action. You can then use various communication technologies, from named pipes to true network comms like TCP, to signal the service that it should do what you want.

KeithS
  • 70,210
  • 21
  • 112
  • 164
  • 3
    A somewhat simpler alternative to a service is a scheduled task, with permissions set to allow an unprivileged user to trigger it. Then you can run any command, it doesn't have to have all the service management stuff in its main loop. – Ben Voigt Mar 14 '17 at 23:01
  • Is there no way to somehow sign the executable to say that it is trusted? – Adrian Feb 05 '19 at 17:39