Windows API - Win32
A core set of Windows application programming interfaces (APIs) for desktop and server applications. Previously known as Win32 API.
1,987 questions
Use explorer (usually running un-elevated at medium integrity level) to start a new, un-elevated process for you.
Refer to the Microsoft sample at https://github.com/microsoft/Windows-classic-samples/tree/main/Samples/Win7Samples/winui/shell/appplatform/ExecInExplorer
Additional recommended reading at How can I launch an unelevated process from my elevated process and vice versa?
See my answer here - broadcastsystemmessage-function-issue-while-using.html
It discusses how to start a process in the logged-on user's interactive session with their token (would be un-elevated) using CreateProcessAsUser.
Ok.Thank you very much.
Update:
broadcastsystemmessage-function-issue-while-using.html
It helped me solve the problem.
The key functions:
WTSEnumerateSessions()、WTSQueryUserToken()、CreateProcessAsUser()
It's working on the window service to create a process(Un-elevated?)!!
One more question... the process created by this way must be un-elevated, right?
Are there any special cases?
Again, I sincerely thank you for your help!
The presumption is that UAC is enabled. Generally speaking, when UAC is enabled processes created for and by members of the Administrators group will run with a filtered token that has had administrator privileges removed. So a process created using the token obtained by WTSQueryUserToken for a logged-on user would not be elevated. You can verify the privileges/elevation status of processes you create by using the Task Manager and/or Process Explorer.
If UAC is not enabled then there is no such thing as elevated vs. un-elevated. Tokens for members of the Administrators group will always contain administrator privileges.
Understood.
Sign in to comment