0

I have program where i start USMT (load or scanstate) with a domain user that gives administrative privileges on the local computer. This is working perfectly fine in Windows 7.

The program needs to start as a non administrator user, but executing load/scanstate with administrator privileges.

However it fails when running load/scanstate properly becouse its not elevated currectly. But how can i overcome this, without having administrative rights?

Best Regards Thomas Nissen

        ProcessStartInfo restoreProcessInfo = new ProcessStartInfo
        {
            Verb = "runas",
            UseShellExecute = false,
            Domain = strAdminDomain,
            UserName = strAdminUsername,
            Password = strAdminPassword,
            FileName = loadstate.exe",
            Arguments = "blablabla"
        }
user2931144
  • 147
  • 2
  • 14
  • You mean your exe can be executed by a non-admin user but piece of logic within the exe has to be executed with elevated permission? – Kurubaran Oct 26 '15 at 08:25
  • Correct, the load- and scanstate needs administrative permissions to run. But the user is not administrator and therefore cannot run directly. Therefore i need the processes to be started with another user, giving them local admin rights. – user2931144 Oct 26 '15 at 08:28

2 Answers2

0

As far as I am aware, the "runas" Verb (any Verb, really) is only respected when UseShellExecute is set to true. Try setting UseShellExecute to true while hiding the shell window using the WindowStyle property instead.

This will, however, prevent you from capturing input and output streams from the process. Is that something you are interested in doing?

user5488406
  • 1
  • Yes i also concluded that runas does not Work anyway better than if it is not there, at least when UseShellExecute is false. However i cannot set UseShellExecute to true becouse then i cannot start with the username and password supplied. I also need to have the window open, else i have no way to the how the process is going, and ofcouse i need and exit code. – user2931144 Oct 26 '15 at 08:38
  • You will still get the exit code, but the i/o streams will be unavailable to your application. Hiding the window is optional, of course. – user5488406 Oct 26 '15 at 08:42
  • Ok yes, but still have the problem that UseShellExecute to true disallow me to use username and password paramenters for the ProcessStartInfo – user2931144 Oct 26 '15 at 08:55
  • UserName and Password are still respected regardlless of the execution mode. – user5488406 Oct 26 '15 at 09:53
  • Appearently not, becouse i get this exception "The Process object must have the UseShellExecute property set to false in order to start a process as a user" – user2931144 Oct 26 '15 at 12:02
0

you can impersonate the user. Impersonation is the ability of a thread to execute using different security information than the process that owns the thread.

Check this thread for how to implement impersonation. So the process will be initially executed with windows domain user's privilege and logic that's is placed within the impersonation block will be executed with with impersonated user's privilege.

//Code outside the impersonation block will be executed with current user privilege

Using(Impersonator impersonator = new Impersonator())
{
  //Code written within this block will be executed with elevated(impersonated) user privilege.
}
Community
  • 1
  • 1
Kurubaran
  • 8,696
  • 5
  • 43
  • 65