
I have a regular program running as an Administrator process. But it doesn't quite have all the privileges I need. How do I elevate this process to run as the Local System account?

I don't want to use any external tools to achieve this elevation. It would be ideal if I could call some Win32 functions to achieve it. I am also willing to write and run a Windows service in order to pass its privileges onto the process in question.

Someone please give me a clue. My searches are just sending me round and round in circles.

user118708

  • "regular program" should not run as Local System. What is the task you need Local System privileges for? – KonstantinL Apr 14 '17 at 12:01
  • I want to delete all my files. It's my system so I do whatever I want. Of course that's meant as a joke. But you get the idea. I am a professional developer and not looking for basic software principles. I am looking for a technical solution to a technical problem. – user118708 Apr 14 '17 at 12:04
  • Write a Windows service and run it as Local System. – KonstantinL Apr 14 '17 at 12:08
  • As far as I know you have to register your program as a service to do so. Google the CreateService API. – Asesh Apr 14 '17 at 12:08
  • "I am looking for a technical solution to a technical problem". Well, tell us the problem then. This is yet another XY problem. There's an implicit assumption that it's possible, even an assumption that it happens via elevation, but elevation is a UAC concept and `Local System` doesn't even participate in UAC. In reality, since it's an XY problem, I suppose Microsoft never bothered implementing the Y part. – MSalters Apr 14 '17 at 12:26
  • I will have no problem IPC'ing between a service and the program that needs elevation. The question then is: what do I pass from the service to the elevating program, and what does the elevating program do with the information it will now have? What Win32 function will it call to make use of the information? – user118708 Apr 14 '17 at 13:08
  • @MSalters: it's a gut feeling that it will work. My gut has been very good to me so far. If Local System doesn't work despite my gut, then I will give up. – user118708 Apr 14 '17 at 13:11
  • If you have no problem with having a service and communicating with it from the main program, then I see no problem realizing anything you want. Really. – KonstantinL Apr 14 '17 at 13:15
  • @KonstantinL, yes of course. So what do I communicate between the two? I am pretty sure sending a pizza recipe down the bidirectional channel won't do either any good. My gut is doing the talking now. All it can think of is food. – user118708 Apr 14 '17 at 13:18
  • So, what is the very question?? – KonstantinL Apr 14 '17 at 13:19
  • The question is how do I elevate the program that needs elevating from admin privileges to Local System privileges. The program is already running as admin. – user118708 Apr 14 '17 at 13:21
  • @user118708 elevation only occurs when a process first starts. A process cannot elevate itself. If you need LocalSystem access (which I don't see is actually necessary just to delete files; simple admin rights should suffice), then do the work inside a LocalSystem service itself. Just send the necessary filenames to it and let it delete them. Otherwise, have a LocalSystem service launch a new process within its own session. – Remy Lebeau Apr 14 '17 at 16:52
  • File deletion was just an example. SetThreadToken seems to imply post-start elevation is possible through impersonation. – user118708 Apr 14 '17 at 18:59

1 Answer

  1. Program sends session ID to service
  2. Service calls OpenProcessToken and DuplicateTokenEx to create a Local System token
  3. Service calls SetTokenInformation to change the token session ID to match the program's
  4. Service calls DuplicateHandle to create handle to the token
  5. Service sends handle to program
  6. Program calls SetThreadToken using the received handle

The program will have at least one thread with Local System privileges. This will be adequate for my purpose.

user118708

  • We could only guess why everything requiring Local System privileges cannot be done within the service. – KonstantinL Apr 14 '17 at 16:40
  • Because Local System doesn't have the privileges to do things a normal program can do, and so things can't be done in a service. It's a deadlock situation created by some beginner MS VB programmers maybe? Perhaps you can go show them some basic software principles. – user118708 Apr 14 '17 at 18:53
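An added example, not code from the original question or answer: three PowerShell checks that the program's author, or an administrator reviewing a machine, can run around the pattern described in the answer. Test-ThreadImpersonation shows what step 6 actually changes: a token installed with SetThreadToken is an impersonation token on that one thread, so WindowsIdentity.GetCurrent($true) on that thread reports it while the process's primary token is left as it was. Get-InteractiveSystemProcess lists processes whose primary token is SYSTEM but which run outside session 0, which is what a service produces when it launches a process with a session-adjusted token (the alternative suggested in the comments); it does not see thread-level impersonation. Get-LocalSystemService inventories services registered to run as Local System, so a newly created one can be reviewed. The function names are my own, and the script assumes an elevated PowerShell session because -IncludeUserName requires administrator rights.

```powershell
# Added example (not code from the original question or answer).
# Assumes Windows PowerShell 5.1 or PowerShell 7, started elevated:
# Get-Process -IncludeUserName fails without administrator rights.

function Test-ThreadImpersonation {
    # A token installed with SetThreadToken is visible only on that thread.
    # GetCurrent($true) returns the thread's impersonation identity, or $null
    # when the calling thread is not impersonating at all.
    $id = [System.Security.Principal.WindowsIdentity]::GetCurrent($true)
    if ($null -eq $id) {
        return [pscustomobject]@{
            Impersonating = $false
            User          = $null
            IsSystem      = $false
            Level         = $null
        }
    }
    [pscustomobject]@{
        Impersonating = $true
        User          = $id.Name
        IsSystem      = $id.IsSystem
        Level         = $id.ImpersonationLevel
    }
}

function Get-InteractiveSystemProcess {
    # Processes whose primary token is Local System but which live outside
    # session 0 (the services session). A service that changes a token's
    # session ID and starts a process with it produces exactly this.
    # winlogon.exe and csrss.exe legitimately appear in every session, so
    # they are filtered out; anything else listed deserves a look.
    $expected = @('winlogon', 'csrss')
    Get-Process -IncludeUserName -ErrorAction SilentlyContinue |
        Where-Object {
            $_.UserName -eq 'NT AUTHORITY\SYSTEM' -and
            $_.SessionId -ne 0 -and
            $expected -notcontains $_.ProcessName
        } |
        Select-Object Id, ProcessName, SessionId, UserName, Path
}

function Get-LocalSystemService {
    # Services configured to run as Local System, with their binary path,
    # so a service registered via CreateService can be reviewed alongside
    # the built-in ones.
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.StartName -eq 'LocalSystem' } |
        Select-Object Name, State, StartMode, PathName
}

# Run all three checks and print the results.
Test-ThreadImpersonation | Format-List
Get-InteractiveSystemProcess | Format-Table -AutoSize
Get-LocalSystemService | Sort-Object Name | Format-Table -AutoSize
```

On an ordinary elevated console Test-ThreadImpersonation reports Impersonating = False, because nothing has called SetThreadToken on that thread; inside a program that has completed step 6 the same call made from the impersonating thread reports the SYSTEM identity. The process list check is the one to use when the service-launches-a-process route from the comments is taken, since that route changes the primary token of a whole process rather than a single thread.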