
I want to create a service. This service will do some diagnostics on the currently logged-on user's session, for example invoke some WMI commands. As you know, when you connect to WMI as a service you cannot see items (for example printers or something else) specific to the user's session.

So I started my research and I came up with CreateProcessAsUser() (because I don't know current user's password this seemed to me like it will do the job).

I have successfully got the active session ID, got the token from the session, duplicated it and started a process as the currently logged-on user. But the problem is that when I call another exe, it's called without elevated rights. I'm stuck at this point.

My questions:

  1. Is it possible to call another exe as the user but with admin rights?

  2. Is this the correct and modern approach to this problem? I mean, I read that some people suggest creating 2 components. One is a simple application which will run in the user's context, the other is a service. The service and the small application will communicate.

  3. If I choose to go with 2, is it possible to start this small application in the user's context with admin rights from the service?

EDIT:

I think I got close, but I'm a little bit confused. If I duplicate the token as I described, I get the user session but without admin rights. But if, instead of duplicating, I get the linked token (as I read, it's the admin token), I get it the following way:

    IntPtr adminToken = IntPtr.Zero;
    uint TokenInfLength = 0;
    GetTokenInformation(hToken,
        TOKEN_INFORMATION_CLASS.TokenLinkedToken, adminToken,
        TokenInfLength, out TokenInfLength);

My process runs as admin, but not in the logged-on user's context; it runs in the system's context and I cannot see user-specific data. I don't understand how to give this token's rights to the currently logged-on user.

Cozdemir

1 Answer


It is possible, i.e. you can use the DuplicateToken function and then CreateProcessAsUser with the duplicated token and elevated privileges.

To work under a service, these functions require some changes in local policies.

  • Hello, thank you for your answer. Actually, this is what I already do. The process runs as the currently logged-on user but without admin rights. This is my problem. Is this design correct? Should I separate the components? – Cozdemir Jun 08 '18 at 13:15
  • @Cozdemir I had a service that ran another exe in a past project. The design is correct. As far as I remember, to run a process with elevated permissions from a service you should configure these policies: Act as part of the operating system, Create a token object, Log on as a batch job, Replace a process level token – Павел Марченко Jun 08 '18 at 13:45
  • @Cozdemir Ah, I see. Please look at https://stackoverflow.com/questions/15383684/run-a-process-from-a-windows-service-as-the-current-user; also https://www.codeproject.com/articles/35773/subverting-vista-uac-in-both-and-bit-archite may be helpful. – Павел Марченко Jun 09 '18 at 08:40
  • Thank you so much. I read it before but I will check again now. I just don't understand: when we start something as the user (createprocessasuser()) but this user is a standard user, how do we give elevated rights to this user? I didn't understand which part of the example code does that. Because this is my problem: I can start some things as the user, but because the user is standard, it cannot do some actions. – Cozdemir Jun 09 '18 at 09:40
  • @Cozdemir Your user must have administrator rights or you should have the password for a privileged user. Otherwise it'll be a security hole. – Павел Марченко Jun 09 '18 at 13:45
  • Hmm, as far as I understand, what I want is impossible. It's impossible to start a process from a service in a standard user's context with elevated rights for the standard user. Thank you so much for your help, Pavel. – Cozdemir Jun 09 '18 at 13:53
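
The conclusion reached in the comments can be checked on a token directly. The following is an added example, not code from the question or the answer: it reads `TokenElevationType` to tell whether a token has a linked elevated token at all. The names `TokenCheck` and `Describe` are hypothetical, and for demonstration it inspects the current process token; a service would pass the session token obtained in the question instead.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Security.Principal;

static class TokenCheck   // hypothetical name, added example
{
    // TOKEN_INFORMATION_CLASS value from winnt.h
    const int TokenElevationType = 18;

    // TOKEN_ELEVATION_TYPE values from winnt.h
    enum ElevationType { Default = 1, Full = 2, Limited = 3 }

    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool GetTokenInformation(IntPtr token, int infoClass,
        out int info, int infoLength, out int returnLength);

    // Explains what a caller can expect from TokenLinkedToken for this token.
    static string Describe(IntPtr token)
    {
        int type, returned;
        if (!GetTokenInformation(token, TokenElevationType,
                                 out type, sizeof(int), out returned))
            throw new Win32Exception(Marshal.GetLastWin32Error());

        switch ((ElevationType)type)
        {
            case ElevationType.Limited:
                return "Limited: filtered token of an administrator under UAC; " +
                       "a linked full token exists.";
            case ElevationType.Full:
                return "Full: already the elevated half of a split token.";
            case ElevationType.Default:
                return "Default: no split token; a standard user has no " +
                       "elevated token to link to.";
            default:
                return "Unexpected elevation type " + type;
        }
    }

    static void Main()
    {
        // Demonstration input: the token of the process running this code.
        using (WindowsIdentity id = WindowsIdentity.GetCurrent())
            Console.WriteLine(Describe(id.Token));
    }
}
```

A result of `Default` for a standard user matches the last comments: there is no second, elevated token for that account, so elevation needs a different, privileged account.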