How to launch an application with admin rights in user mode from a service which runs in system context

DieWithYourBootsON 21 Reputation points
2022-09-13T14:01:54.5+00:00

My service is running in SYSTEM context.
I want to launch an application (test.exe) using the CreateProcessAsUser() API from the service.

The application (test.exe) must run in user context.
The application (test.exe) must have admin rights.

Experiments performed:
Set the application's requestedExecutionLevel to requireAdministrator.
Use the tokens of SCNotification (a user context application which has admin privilege) to launch the application (test.exe). The OpenProcess(), OpenProcessToken() and DuplicateTokenEx() APIs are used to get the token which is passed to the CreateProcessAsUser() API.

Result: the application (test.exe) is not launching in admin mode.

1 answer

  1. RLWA32 45,326 Reputation points
    2022-09-20T07:25:32.123+00:00

    If the process from which you are obtaining the token was started by a member of the Administrators group then it should have a linked token that contains elevated privileges. From a Windows service running under the SYSTEM account you can query the process token to get a handle to the linked token containing the elevated privileges. Use the GetTokenInformation function with TokenLinkedToken to obtain a TOKEN_LINKED_TOKEN structure. This structure contains the handle to the token containing the elevated privileges. Use the linked token in the call to CreateProcessAsUser.

    1 person found this answer helpful.
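
The linked-token approach from the answer above, as an added example in C that is not code from the question or the answer: it checks TokenElevationType before asking for TokenLinkedToken and refuses to launch when the user's token has no elevated counterpart. `pick_token_action`, `launch_elevated_as_user` and the `ELEV_*` names are illustrative, and the Win32 part compiles only on Windows.

```c
/* Added example, not from the thread. Values mirror TOKEN_ELEVATION_TYPE in winnt.h. */
enum { ELEV_DEFAULT = 1, ELEV_FULL = 2, ELEV_LIMITED = 3 };
enum token_action { USE_AS_IS, USE_LINKED, NO_LINKED_TOKEN };

/* Which token of a logged-on user can start an elevated process. */
enum token_action pick_token_action(int elevation_type)
{
    switch (elevation_type) {
    case ELEV_FULL:    return USE_AS_IS;        /* already the elevated half */
    case ELEV_LIMITED: return USE_LINKED;       /* filtered admin token */
    default:           return NO_LINKED_TOKEN;  /* no split token to switch to */
    }
}
#ifdef _WIN32
#include <windows.h>
/* hUser: token of a process in the user's session, opened with
   TOKEN_QUERY | TOKEN_DUPLICATE. app: full path of the executable (assumed). */
BOOL launch_elevated_as_user(HANDLE hUser, const wchar_t *app)
{
    TOKEN_ELEVATION_TYPE type;
    TOKEN_LINKED_TOKEN linked = {0};
    HANDLE hSrc = hUser, hPrimary = NULL;
    STARTUPINFOW si = { sizeof si };
    PROCESS_INFORMATION pi = {0};
    DWORD len;
    BOOL ok = FALSE;
    if (!GetTokenInformation(hUser, TokenElevationType, &type, sizeof type, &len))
        return FALSE;
    switch (pick_token_action((int)type)) {
    case NO_LINKED_TOKEN: return FALSE;         /* refuse rather than run unelevated */
    case USE_LINKED:
        if (!GetTokenInformation(hUser, TokenLinkedToken, &linked, sizeof linked, &len))
            return FALSE;
        hSrc = linked.LinkedToken;
        break;
    case USE_AS_IS: break;
    }
    /* CreateProcessAsUser requires a primary token, so duplicate as one. */
    if (DuplicateTokenEx(hSrc, MAXIMUM_ALLOWED, NULL, SecurityImpersonation,
                         TokenPrimary, &hPrimary)) {
        ok = CreateProcessAsUserW(hPrimary, app, NULL, NULL, NULL, FALSE, 0,
                                  NULL, NULL, &si, &pi);
        if (ok) { CloseHandle(pi.hThread); CloseHandle(pi.hProcess); }
        CloseHandle(hPrimary);
    }
    if (linked.LinkedToken) CloseHandle(linked.LinkedToken);
    return ok;
}
#endif
```

Passing NULL for lpEnvironment gives the child the service's environment block; CreateEnvironmentBlock with the same token builds the user's own. Passing the executable as a full path in lpApplicationName avoids search-path and unquoted-path ambiguity when the launcher runs as SYSTEM.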