Start a process as user from an process running as admin

Asked 27/7, 2015 at 7:1 Answered 24/10, 2019 at 19:5

I want to start another program which runs as user from a program running as administrator.

The problem is that the second program needs to use outlook, which is not possible if the program runs as admin. The main program needs to run as admin.

I did already come up with this two solutions:

Process.Start("cmd.exe", @"/C runas.exe /savecred /user:" + Environment.UserDomainName + "\\" + Environment.UserName + " " + "\"SomeProgram.exe" + "\"");

Process.Start("explorer.exe", "SomeProgram.exe");

But i have a problem with both solutions. The first one asks the user for the password (only the first time after windows was restarted). The second one probalby won`t work in the future, because as far as i found out it is considered as a bug and probably fixed with an future update.

So I would like to know is there any other solution, where the user does not need to enter his password?

This seems to work for me:

Process.Start("cmd.exe", @"/C runas.exe /TrustLevel:0x20000  " + "\"SomeProgram.exe" + "\"");

Otero answered 27/7, 2015 at 7:1 Comment(6)

Raymond Chen did a good job of describing this in How can I launch an unelevated process from my elevated process and vice versa? (which also covers all kinds of details such as when elevation used different account credentials to those being used for the rest of the session) – Vincenza 27/7, 2015 at 7:4

But isn't that just an other way to use the exploer.exe to do the job? Anyway i found another solution, I did add it to the original post. – Otero 27/7, 2015 at 8:24

Does your solution deal correctly with de-elevating from Alice's admin account to Bob's user account (using the examples from Raymonds link)? – Vincenza 27/7, 2015 at 8:32

The runas /trustlevel thing leaves the process in a weird state and should probably be avoided. See https://mcmap.net/q/22627/-do-high-integrity-tokens-have-to-have-the-administrators-group-enabled/886887 – Asphyxiant 27/7, 2015 at 21:59

One workaround is to have a parent program that runs as the user, which launches the admin process and, later, the user process. But Raymond's solution is probably sound; yes, it uses Explorer, but it does so legitimately. – Asphyxiant 27/7, 2015 at 22:2

I currently can't test it on a Win 8 machine, so I am not sure how my solutions works there with outlook. On Win 7 it seems to do the right job. If it is not working under Win 8 i need do adopt it anyway. – Otero 28/7, 2015 at 14:1

Process class has StartInfo property that is an instance of ProcessStartInfo class. This class exposes UserName, Domain and Password members to specify the user you want to run the process.

Process myProcess = new Process();
myProcess.StartInfo.FileName = fileName;
myProcess.StartInfo.UserName = userName;
myProcess.StartInfo.Domain = domain;
myProcess.StartInfo.Password = password;
myProcess.Start();

Sharkskin answered 27/7, 2015 at 7:11 Comment(6)

That would mean that i need to know the user password, which isn't the case. The program is used by many different users, so this isn't an option for me. – Otero 27/7, 2015 at 7:17

@Otero I don't think that you can impersonate another user without even knowing the credentials – Sharkskin 27/7, 2015 at 7:26

Well the main program requests admin rights with the manifest, but the second program than should just run with the normal user of the current session. – Otero 27/7, 2015 at 7:37

@Otero Admin doesn't have god rights, you can't impersonate another user without the correct credentials – Sharkskin 27/7, 2015 at 8:6

@Otero if the user that has to run the process is the one that is logged on, you can follow the link given by Damien_The_Unbeliever – Sharkskin 27/7, 2015 at 8:17

I did come up with another solution, which seems to work for me. I did edit my first post. – Otero 27/7, 2015 at 8:23

I was having the same issue and was not able to get the current logged user. NB: querying wmi is not a solution as many users may be logged in at that time so my solution is to do the reverse. Launch my app as current user and if the current user is not admin, I request to run as admin.

if (IsAdministrator())
{
    // run whatever you want as elevated user
}
else
{
    //launch the same app as admin
    ExecuteAsAdmin(PATHH_TO_THE_SAME_APP.EXE);
    //execute whatever you want as current user.
}



public static void ExecuteAsAdmin(string fileName)
{
    Process proc = new Process();
    proc.StartInfo.FileName = fileName;
    proc.StartInfo.UseShellExecute = true;
    proc.StartInfo.Verb = "runas";

    proc.Start();
    proc.WaitForExit();
}

public static bool IsAdministrator()
{
    var identity = WindowsIdentity.GetCurrent();
    var principal = new WindowsPrincipal(identity);
    return principal.IsInRole(WindowsBuiltInRole.Administrator);
}

Principalities answered 24/10, 2019 at 19:5 Comment(0)

Recommended topics

Hot tags