Create child process with no-admin privileges from a admin privileges process? Need to work on the Win7/8/10. I have googled it.But the situation is more complicated than it seems. Any simple ideas? CreateRestrictedToken() is OK?

Use explorer (usually running un-elevated at medium integrity level) to start a new, un-elevated process for you. Refer to the Microsoft sample at https://github.com/microsoft/Windows-classic-samples/tree/main/Samples/Win7Samples/winui/shell/appplatform/ExecInExplorer Additional recommended reading at How can I launch an unelevated process from my elevated process and vice versa?

Create child process with no-admin privileges from a admin privileges process?

Accepted answer

RLWA32 40,286 Reputation points

2022-01-18T08:37:49.21+00:00

Use explorer (usually running un-elevated at medium integrity level) to start a new, un-elevated process for you.

Refer to the Microsoft sample at https://github.com/microsoft/Windows-classic-samples/tree/main/Samples/Win7Samples/winui/shell/appplatform/ExecInExplorer

Additional recommended reading at How can I launch an unelevated process from my elevated process and vice versa?
Please sign in to rate this answer.

1 person found this answer helpful.
Jidcoo 111 Reputation points

2022-01-18T09:06:09.447+00:00

I have used similar methods as you say.But my software is window service application.The api like FindWindowXX is not working. It will return null and GetLastError() return 6. So I wanna to know can a window service application interact with a desktop application?

RLWA32 40,286 Reputation points

2022-01-18T09:22:33.617+00:00

See my answer here - broadcastsystemmessage-function-issue-while-using.html

It discusses how to start a process in the logged-on user's interactive session with their token (would be un-elevated) using CreateProcessAsUser.

Jidcoo 111 Reputation points

2022-01-18T09:32:57.23+00:00

Ok.Thank you very much.

Jidcoo 111 Reputation points

2022-01-18T15:10:05.923+00:00

Update:

broadcastsystemmessage-function-issue-while-using.html

It helped me solve the problem.
The key functions:
WTSEnumerateSessions()、WTSQueryUserToken()、CreateProcessAsUser()

It's working on the window service to create a process(Un-elevated?)!!

One more question... the process created by this way must be un-elevated, right?
Are there any special cases?

Again, I sincerely thank you for your help!

RLWA32 40,286 Reputation points

2022-01-18T15:31:58.367+00:00

The presumption is that UAC is enabled. Generally speaking, when UAC is enabled processes created for and by members of the Administrators group will run with a filtered token that has had administrator privileges removed. So a process created using the token obtained by WTSQueryUserToken for a logged-on user would not be elevated. You can verify the privileges/elevation status of processes you create by using the Task Manager and/or Process Explorer.

If UAC is not enabled then there is no such thing as elevated vs. un-elevated. Tokens for members of the Administrators group will always contain administrator privileges.

Jidcoo 111 Reputation points

2022-01-18T16:42:12.397+00:00

Understood.
Sign in to comment

Create child process with no-admin privileges from a admin privileges process?

0 additional answers