0

I have a requirement to execute several commands with elevated rights, something like:

  1. call program that modifies a .config file of a service (needs admin rights)
  2. net stop myservice (needs admin rights)
  3. net start myservice (needs admin rights)

All of this dynamic, e. g. the first line could contain proxy settings, including user name and password, or any other modification to the settings file. (Settings file is in program folder, program to modify the settings file is externally provided. The actual info would be user entered through a GUI.)

I thought to create a very flexible solution, using a cmd.exe process with redirected stdin and stdout. But.. it looks like "runas" (needs ShellExecute) and redirected in-/output are exclusive.

(Also, I noticed that redirection and cmd.exe are quite hard to handle.. I had to write my own functions e. g. as a replacement for ReadLine, since the ReadLine expects a NewLine at the end and waits e. g. if there is a command prompt (meaning you have text in the line like c:\bla> but no NewLine. Still, not knowing what one gets as a result makes writing something generic difficult.)

There are 3 alternatives I can think of:

  1. get the UAC prompt for every single command (I would not like that)
  2. start a process that is elevated, this can then call whatever it wants -> needs an additional project (.exe) which I would like to avoid, also makes deployment more difficult (additional file)
  3. create a batch file on the fly, run it elevated. This I also want to avoid, since there could be password information in plain text in that file (e. g. user/password for proxy). I would at least have to make sure to always overwrite its contents and then delete it.

How to handle this?

slugster
  • 49,403
  • 14
  • 95
  • 145
Andreas Reiff
  • 7,961
  • 10
  • 50
  • 104

1 Answers1

1

I think you've already diagnosed the issue, and enumerated your available options. To my mind the best option is to use runas to create a new elevated process, and get that process to do the work.

The other process need not be a different executable it could be your existing executable started with particular command line arguments. Once you have another process running elevated, you can certainly use cmd with redirected stdin/stdout to do the work. However, why use net stop/start rather than the service API? And can you do the .config file modification without starting a separate process?

David Heffernan
  • 601,492
  • 42
  • 1,072
  • 1,490
  • True about the net start/stop, I could simply use the System.ServiceProcess.ServiceController. Using the commandline here was just the idea since I wanted to use the cmd option anyway. I would not want to start the application that my code will be running out of since it is huge, so a small, separate app would then be the least bad solution, it seems. Also since I have not (short google) found a reliable way to get rid of a temp file - there might always be a lock on it while I want to delete it, or alternatively the app might crash in the worst moment.. – Andreas Reiff Feb 18 '14 at 09:37
  • @AndreasReiff I'm not sure you should worry about re-starting the same executable. It doesn't matter that it is huge. It's already running. It's already been jitted, parts of it are already in memory. Should not be an issue. Remember that there will be a pause anyway for the UAC dialog to show. – David Heffernan Feb 18 '14 at 09:48