On vista Beta 2, i have added a manifest to one of my executeables that specifies the "highestAvailable" application marking.
If I am logged on as a member of the administrator group, with UAC at the default setting, and call CreateProcess() on this executable, it fails with GetLastError()==740.
Wouldn't it be better if the process creation succeeded, but as a limited user
This makes things very difficult to code for - if my application is started directly by the user, via cmd.exe for example, I get the UAC dialog, but if it is started silently via CreateProcess(), it fails completely.
How about if a service needs to impersonate a user, but with elevated privileges enabled A code sample for this would be great.
CreateProcess() + "highestAvailable" = error 740
aimbie
Hermann, ShellExecute indeed calls CreateProcess.
When elevation is required, that CreateProcess fails (740 => ERROR_ELEVATION_REQUIRED).
ShellExecute notices that error code and takes appropriate action to trigger the elevation.
Ultimatly, it's the Application Information Service that starts the elevated process using CreateProcessAsUser.
HighestAvailable is meant for applications that work well elevated or not (regedit.exe, mmc.exe), and should run elevated whenever possible.
But when the logged on user is not strictly a standard user (i.e. his elevated token would be the same as his standard token), elevation is always triggered.
M. Pfennig
Remember this>
http://groups.google.com/group/comp.os.ms-windows.misc/tree/browse_frm/thread/2e504f3435ab24d4/7baf6b6cad9cbab5 rnum=531&q=intel+x86+consortium&_done=%2Fgroup%2Fcomp.os.ms-windows.misc%2Fbrowse_frm%2Fthread%2F2e504f3435ab24d4%2F96cbe4eb2c34c5c9%3Flnk%3Dgst%26q%3Dintel%2Bx86%2Bconsortium%26rnum%3D1%26#doc_761ebda0a17cb4d8
Michael Nemtsev
But, what the hell does ShellExecute() to provide CreateProcess() with the parameters, that it works properly, because by the end it must come down to CreateProcess(), because this is the function exported kernel32.dll to start processes.
Well, there is one other way. It might use NtCreateProcess() from ntdll.dll, but in both scenarios it does something to satisfy xxCreateProcess to work properly, and this is done in usermode.
So are there calls to deal with UAC, which are performed by ShellExecute(), and with the results CreateProcess is satisfied
Anyone from UAC team reading this
Ciao Hermann
BBedell
Process
proc = new Process();proc.StartInfo =
new ProcessStartInfo(@"<path to new application>");proc.StartInfo.UseShellExecute =
true;proc.Start();
mrtnld
ShellExecute() doesn't have the fine control over process creation, like CreateProcess() does. For me, this makes it a less than ideal solution. I would be happy if there was a new manifest execution level that showed the UAC dialog when called with ShellExecute(), and allowed the process to be created non-elevated, if called by CreateProcess().
On a related note, how does impersonation work with UAC Is it possible to get the elevated token for impersonation purposes
VinceAnguiano
I’m doing this from regular unmanaged C++.
I guess my gripe is that if CreateProcess() doesn't support elevation, then it shouldn't block process creation either. I would have expected it to create the process, but without elevation in this case.