1

We would like to develop a windows 10 device, with our software suite embedded into it. This device will have two accounts: an admin account and a limited account. The final user (located worldwide) will use the limited account and will not know the admin password.

The problem we are facing is we wasn't able to run a software with both a gui and admin permissions (i.e. the setup for updating our software suite).

Till now we tried:

  1. running the process from a windows service : the process starts with admin rights, but no gui is showed
  2. running the process from a windows service impersonating current user: the process shows the gui, but no admin permission
  3. running the process from a windows service impersonating the admin: same result in 1.
  4. running process with task scheduler : no luck with both admin (no gui) and limited account (no admin rights)
  5. running process with psexec (from sysinternals pstools): same results as above.

Are there any workaround for launching an admin process with user interface from a windows service? I know we can have a service with admin rights comunicating with a non admin gui process (using named pipes, mqtt or...), but this is not feasible with an installshield (or nsis or...) setup.

Or are there any other solution to our problem?

Thanks for any reply.

vds7
  • 11
  • 3

2 Answers2

1

Team Viewer has an API that resolves all such problems. It will also allow you select which credentials must be given to the user. You can well use that as turn on your User account and then after Installation of TeamViewer API and all of the things ready with the privileges set. You can make a decent connection.

With the team viewer API you can control you cmd from cmd type: start /pathtoteamviewer.exe Then the remote host which will access the PC that you want to use shall tell the user to enter the ID and Password of the User PC. And Kaboom you have done with ease what you want.

If you enable the password feature of remote connect in TeamViewer this will also help if you are taking your project to the next lvl.

I hope this helps.

Muneeb Ahmad Khurram
  • 582
  • 7
  • 20
  • Maybe I missunderstood your reply, but a remote connection to each PC is not an option, hopefully we will have thousands of PCs to manage. The plan is notifying the user a new update, user decide to start updating, a service (or whatever) will start the setup with admin rights. – vds7 Mar 18 '20 at 12:58
0

I have understood your Question. Back in the day when I was Programming I made a solution for Myself as;

  1. Create a Powershell Script to Download Things from your Website (an Update.txt file); See: https://blog.jourdant.me/post/3-ways-to-download-files-with-powershell

    $url = "http://mirror.internode.on.net/pub/test/Update.txt"

    $output = "$PSScriptRoot\Update.txt"

    $start_time = Get-Date

    Invoke-WebRequest -Uri $url -OutFile $output

    Write-Output "Time taken: $((Get-Date).Subtract($start_time).Seconds) second(s)"

  2. In that file write the version number and in your Program which you have created also have a version.txt compare them by simple logic if it is not equal to the Update.txt ask the User to Update.

  3. Again use the Powershell Script to download your update Installer after a Yes/No Dialog box with the user.

  4. Run your Updater with Admin Privileges See: How to start a Process as administrator mode in C#

Muneeb Ahmad Khurram
  • 582
  • 7
  • 20