1

I want run my program under a limited user account but with administrator privileges on windows XP.

I can't find an answer. I think I can use two ways:

  1. Run my program by another way like a program or a service
  2. Run my function with some method like PrincipalPermission space or something like this

But I can't solve this problem.

Rob
  • 45,296
  • 24
  • 122
  • 150
imans62
  • 33
  • 4

3 Answers3

2

Have you looked at the "runas" command? For example:

C:\> runas /noprofile /netonly /user:MYCOMPUTER\testuser "C:\Program Files\My Special Program\Program.exe"
NateTheGreat
  • 2,295
  • 13
  • 9
  • yes .. i see that solution .. but in that solution my administrator account must have a password and if i want change this password i must change something and send new password to my program .. i want my program don't need the administrator password for login or do something... – imans62 Apr 22 '11 at 04:14
2

I want run my program under a limited user account but with administrator privileges.

This can't be done. A limited user doesn't have admin privileges. You need to run it as an admin user with, e.g. runas.

David Heffernan
  • 601,492
  • 42
  • 1,072
  • 1,490
  • i think fine a good solution for my problem ... i use service to run my program but i can't still run GUI application by a service... – imans62 Apr 22 '11 at 04:15
1

One way to solve this is to fragment your program into two parts. One part as a windows service and the one as a user app. You can set the service to run as a Network Service, Local Service or Local System depending the level of access you need. Anything that needs administrator privileges will be performed by the Windows service. The user app can be responsible for showing the user interface and other similar things. You need to have some kind of IPC (Inter process communication) between your applications to facilitate this as well.

Can Gencer
  • 8,822
  • 5
  • 33
  • 52
  • it is bad practice to run as localsystem – David Heffernan Apr 20 '11 at 14:34
  • 1
    @David, not necessarily. depends what you want to do. besides, you can run a service account as whoever you want. good practice is to use an account that gives you the just the minimum amount of priviliges that you need. – Can Gencer Apr 20 '11 at 14:37
  • 1
    It is bad practice to run **sql server** as local system because it doesn't need all the privileges and can run fine as network service. I don't know what his application needs to do with the system so cannot say. You can go into your CP->Services and see tons of services running as local system, and they are doing that for a reason, not just bad practice. – Can Gencer Apr 20 '11 at 14:46
  • 1
    @Can: Once an application is elevated to Local System, all bets are off. Microsoft (and many security researchers) recommend you run your application as a limited user and write software as a limited user because running as an Administrative type account is just dangerous. –  Apr 20 '11 at 14:53
  • 1
    @0A0DA I am fully aware of that. As I said, we don't know what the application wants to do. Maybe it really needs low level access to the system. Maybe not. It depends on what operations the app wants to do on the system. I mentioned local system as an example. I updated my answer to reflect this. – Can Gencer Apr 20 '11 at 14:55
  • thanks all for good information ... i try to use all inf and make a Frankenstein .... (that's a joke) i know if i run my program with administrator permission is dangerous .. but i muse chose between bad and worse ... i muse run in limited account with admin privileges .. in tree pass month i try all ways to solve this problem but not work correctly .. thanks all – imans62 Apr 22 '11 at 04:27