
I'm using a Windows API call to create a process in a simple account as an administrator using CreateProcessWithLogonW:

createprocesswithLogonW('admin',
                        nil,
                        'Pa$$w0rd',
                        LOGON_WITH_PROFILE,
                        'cmd.exe',
                        nil,
                        0,
                        nil,
                        nil,
                        Si,
                        Pi);

but sometimes it returns

Error 5 Access denied

and when it does not, it does not run it as administrator, even if that account is an administrator.

Paul Sanders
deadc0der7

4 Answers

2

If you want the process to be elevated (or the process requires elevation) you cannot do that with CreateProcessWithLogon.

I am not able to test that right now but I think you need to:

  1. Call LogonUser to get the primary token
  2. Call GetTokenInformation with the TokenLinkedToken Information class to get the linked (Elevated) token.
  3. Call CreateProcessAsUser with the linked token.
Remko
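The symptom in the question (an administrator account whose process is not elevated) and the linked token mentioned in the answer above can both be observed by querying the process token. The PowerShell diagnostic below is an added example, not code from the thread; `UacDemo.Native` and `Get-TokenElevationReport` are names chosen here for illustration.

```powershell
# Added diagnostic (not from the thread): run it inside the process that
# CreateProcessWithLogonW started to see which half of the UAC split token it holds.
if (-not ('UacDemo.Native' -as [type])) {
    Add-Type -Namespace UacDemo -Name Native -MemberDefinition @'
[DllImport("kernel32.dll")]
public static extern IntPtr GetCurrentProcess();
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool CloseHandle(IntPtr handle);
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool OpenProcessToken(IntPtr process, uint desiredAccess, out IntPtr token);
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool GetTokenInformation(IntPtr token, int infoClass, out int info, int infoLength, out int returnLength);
'@
}

function Get-TokenElevationReport {
    $TOKEN_QUERY        = 0x0008   # access right needed to read token information
    $TokenElevationType = 18       # TOKEN_INFORMATION_CLASS value
    $token = [IntPtr]::Zero
    $proc  = [UacDemo.Native]::GetCurrentProcess()   # pseudo-handle, never closed
    if (-not [UacDemo.Native]::OpenProcessToken($proc, $TOKEN_QUERY, [ref]$token)) {
        throw "OpenProcessToken failed: $([Runtime.InteropServices.Marshal]::GetLastWin32Error())"
    }
    try {
        $type = 0; $returned = 0
        if (-not [UacDemo.Native]::GetTokenInformation($token, $TokenElevationType, [ref]$type, 4, [ref]$returned)) {
            throw "GetTokenInformation failed: $([Runtime.InteropServices.Marshal]::GetLastWin32Error())"
        }
    } finally {
        [void][UacDemo.Native]::CloseHandle($token)
    }

    # IsInRole is False when Administrators is present only as a deny-only group.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal $identity
    $isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    $meaning = switch ($type) {
        1 { 'Default: no linked token (standard user, UAC off, or built-in Administrator)' }
        2 { 'Full: elevated half of a split token' }
        3 { 'Limited: filtered half of a split token; an elevated linked token exists' }
        default { "Unknown ($type)" }
    }
    [pscustomobject]@{ User = $identity.Name; ElevationType = $meaning; AdministratorsEnabled = $isAdmin }
}

Get-TokenElevationReport
```

If it reports Limited with AdministratorsEnabled False, the process holds the filtered half of the split token, which matches the symptom described in the question.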
2

If you don't mind UAC kicking in (but I fear that you do), then you can simply do, for example:

HINSTANCE hInst = ShellExecuteW (NULL, L"runas",
    L"notepad.exe", NULL, NULL, SW_SHOWDEFAULT);

Check the documentation for values returned in hInst. Sorry the example is in C++ but I'm sure you can translate.

If you want to circumvent UAC then you must indeed launch your application from a service in order to have it run elevated. Sample code here, again in C++, sorry, and it could use a little polishing up but it certainly works. I assume you want to run the process in the context of the currently logged-in user as that code does. Please vote that answer up (or this one, or both) if it helps you.


Edit: (as the OP is still evidently struggling with this).

You know what? I could give you chapter and verse on how to solve this problem but I'm not going to, because you would just build one big, huge security loophole when your software was installed. That too is soluble, but would you actually bother?

Anyway, put yourself in your users' shoes for a moment. How do you think they will feel when a program starts doing things that can normally only be done by a program running as Administrator without first displaying the expected UAC prompt? If it was me, I would freak out.

So no, just use the ShellExecute trick I first recommended and leave it at that. It's more than good enough.

Martin Prikryl
Paul Sanders
  • This will bring up the prompt asking for admin privileges, but I want to run it with admin credentials that I already have – deadc0der7 Jul 04 '18 at 12:46
  • Then you will have to write a service, it's not hard. Please refer to the code I linked to. – Paul Sanders Jul 04 '18 at 13:02
  • Well, I'm creating a launcher that launches my application, which requires admin privileges to change the domain name of users that belong to the domain. Users should not be admin, or be given admin credentials, so I must do it that way – deadc0der7 Jul 04 '18 at 13:25
  • Well, sorry to have to tell you this (again), but you can't. It's a service or nothing. Does your launcher have an installer? If so, you can run that installer elevated and install the service then. To do this, check out the `SC` command, see: https://stackoverflow.com/a/47006989/5743288 (and no doubt other similar information sources on the 'net). – Paul Sanders Jul 04 '18 at 13:34
  • @user3374161 then use a deployment/configuration tool to do this such as SCCM which are designed to handle such functionality – Remko Jul 04 '18 at 15:37
0

I believe that one can achieve the end goal of running a process as another user as well as being elevated by using an intermediate bootstrapper application.

Use CreateProcessWithLogonW to create a process with the other user's credentials but instead of running the target application, you could create another application that exists only to create an elevated process, or call the current application with some arguments specifying that you want to elevate the target application (something like --elevate C:\Windows\Notepad.exe). This process would (running as the other user) use the runas verb in a ShellExecute to launch the desired application.

Runner.exe uses CreateProcessWithLogonW(user,pass)
=> (to run)
Runner.exe --elevate C:\App.exe uses ShellExecute(runas)
=> (which gives)
App.exe (running as user + elevated)

You would get a UAC prompt but that is how Windows works now and it should not be circumvented.

For my money that's way easier than creating a service that you then have to communicate with etc.

You can read about this here (Windows Blog Archive: Why Can’t I Elevate My Application to Run As Administrator While Using CreateProcessWithLogonW?) It's a bit old, but it's still valid. Happy to be proven wrong.

Jacob Degeling
0

Yes, with a service you can run an application with specific admin credentials, but please be aware this will create other undesired side effects. So I think you’re better off trying to review your use case: do you really need a simple non-admin user to have an application run elevated with every security hole you can think of…. My answer is NO, absolutely not. Usually you can set things up during install (with admin rights) and sometimes give specific user groups some rights to modify parts (like folder rights). But that’s it.

So many users keep asking this same question, but simply everything you try is just something that’s getting close to hacking Windows and that’s just plain bad.

If you really don’t want UAC to kick in, then disable it for the machine! But I don’t think you want that…

R. Hoek