Privilege Exaltation only when and if required

Question

Privilege Exaltation only when and if required

My application only occasionally requires privilege escalation ... I need to refer to some third-party COM components that only work correctly when run as an administrator.

I want my application to request privilege escalation only when it needs it ... As a rule, I do not want my application to run as an administrator if I do not need to use third-party COM components.

I see that CoCreateAsAdmin can potentially solve the problem, but the author of the component does not install the necessary registry entries, and I'm not sure how to use CoCreateAsAdmin in C # and in combination with the Runtime-Callable-Wrapper, which is created by tlbimp.

Another solution would be to create a different process, but I still have no experience with this ... I do not want to create a completely separate application ... I would be happy to create an assembly that works in a split if someone can show me how to force its work.

Thank...

+3

c # uac

Cameron peters Jun 17 '10 at 18:18

source share

2 answers

:
http://victorhurdugaci.com/using-uac-with-c-part-1/
http://victorhurdugaci.com/using-uac-with-c-part-2/
http://victorhurdugaci.com/using-uac-with-c-part-3/

+1

Romain Hippeau 17 . '10 18:37

JSBձոգչ · Accepted Answer · 2010-06-17T18:50:08+0000

Process privileges are based on the token of the user who works in the process, which is assigned only when the process starts. Therefore, there is no way to enhance your process after it starts. The only reliable way to get up at runtime is to create a new process.

, . Process , COM-. , .exe, , , , .

Privilege Exaltation only when and if required

More articles: