开发者

How to run a process as current user privilege from an admin process

开发者_运维百科

When a setup program(built by like Inno Setup) does launch a process, the process always be run as administrator privilege. -because setup program had been run as admin.

I want to run the child process as current user's privilege.

Is there a good way?


This question comes up every 3 or 4 months internally at MSFT.

The answer that the security folks give is: You can't. When the elevated process token is created, there are changes made to the token that can't be undone.

Your best bet is to have a launcher application that runs your elevated setup program and then when the elevated setup program is completed, turns around and runs your child process.


As a launcher you can use the portable powershell app deployment kit (Link). You can edit the deploy-application.ps1 and use Execute-ProcessAsUser to run applications/scripts with the current user even when you launched the powershell app deployment kit as admin


Although it is not considered best practice (or even good practice), it is possible to launch a medium IL process from a high/admin IL process:

See this post on codeproject

I can confirm that this code works on Vista 32 and 64-bit with and without UAC enabled.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜