If the process from which you are obtaining the token was started by a member of the Administrators group then it should have a linked token that contains elevated privileges. From a windows service running under the SYSTEM account you can query the process token to get a handle to the linked token containing the elevated privileges. Use the GetTokenInformation function with TokenLinkedToken to obtain a TOKEN_LINKED_TOKEN structure. This structure contains the handle to the token containing the elevated privileges. Use the linked token in the call to CreateProcessAsUser.
How to launch an application with admin rights in user mode from a service which runs in system context
My service is running in SYSTEM context.
I want to launch an application(test.exe) using CreateProcessAsUser () API from service.
The application(test.exe) must run in user context.
The application(test.exe) must have admin rights.
Experiments performed:
Set the application requestedExecutionLevel to requireAdministrator privilege.
Use the SCNotification(user context application which has admin privilege) tokens to launch the application(test.exe). OpenProcess() API, OpenProcessToken() API and DuplicateTokenEx() API is used to get the token which is passed to CreateProcessAsUser() API.
Result: the application(test.exe) is not launching in admin mode.