windows 7-64bit - win32 api to sacrifice(relegate) administrative privileges for a program
I have a program that creates temporary files. If this program run as administrator with elevated privileges the resulting files cannot be deleted without "elevated" privileges, even if the user is administrator. This forces the user to run the application always with "Run as administrator"
The program doe开发者_StackOverflow社区s not really need any administrative rights or elevated privileges. Is there a programmatic way to ensure that the application is always run with normal permissions?
A manifest can direct Windows to launch the app asInvoker, but if a user right-clicks and chooses Run As Administrator the app will be elevated. I'd be tempted to handle this through user education, but there is something programmatic you can do - it's up to you to decide if it's worth it. You can check to see if you're running elevated (basically IsInRole will say the user is an admin if and only if the app is elevated) and if you're not, launch another process non-elevated (I am sure there are questions here showing that, but here are some blog entries I happened to write linking to ways to do it native and managed) that creates the actual files.
No, you cannot force the program to run without elevation, especially in code as Elevation occurs before any code is run. If the user wants the app to run Elevated, then it will run Elevated. What you could do, however, is have your app create its files as needed and simply use SetFileSecurity()
or SetNamedSecurityInfo()
to ensure unrestricted access for all users. See http://support.microsoft.com/kb/102102 for more info.
精彩评论