Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 4076
  • Last Modified:

How to elevate rights programmatically for the application in Windows 7

Hi,

Our C++ application (native, unmanaged code) checks whether some essential DLLs are registered.  If not, it tries to register them.  In other words, the automatic registration must be done when the application is executed for the first time.  Second and next times this is not to be repeated.

The application is installed by copying to certain directory (no installer yet).

The situation is complicated on Windows Vista or Windows 7 because even the administrator must explicitly elevate the rights.  Currently, he or she can do it during launching the application via right-click on the app icon and choosing the "Run as administrator".  However, it is not convenient and we have to explain it again and again to the users who install the application.

My question is: Can the application elevate the right automatically when it decides so?  I understand that it should not be done silently -- the UAC warning is OK in this case, no problem.

Thanks,
    Petr
0
pepr
Asked:
pepr
4 Solutions
 
ChristianWimmerCommented:
Easy.

1. User runs your app.
2. Test whether your app is running as admin,
 a. if yes, register your dlls and go to 4.
 b. if not continue to 3.
3. Call ShellExecuteEx with parameter verb = runas and call you app a second time with some parameter that says register dlls or similar. Your first process must wait (WaitForSingleObject) on the process handle returned by ShellExecuteEx.
Check the return value of ShellExecuteEx (also see msdn docs) and also if your DLL registration was successfull, then proceed with 4.
4. continue to run

This also works on XP btw. In this way you'll get a logon dialog where an admin can input his credentials.
0
 
Subrat (C++ windows/Linux)Software EngineerCommented:
Take look at ImpersonateLoggedOnUser() in MSDN

U also can use a manifest file to do the same.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
peprAuthor Commented:
Thanks for your suggestions.  To clarify the things, the application should be installed and first-time executed by a local administrator.  This way, the impersonation does not seem to be neccessary.  Only the elevation of the existing rights is the goal.

If I understand it well, the elevation can be done only when the process starts.  No way to elevate the rigts temporarily for the running process.  This way it seems that to do the registration of DLLs or other actions that require elevated righs, the separate, helper application could be created for the purpose.  The helper application would be executed (with elevated rights) from inside the main application and it will wait until the helper quits.  After that, it can continue.

Is it reasonable?  
0
 
ChristianWimmerCommented:
Yes, this is the suggested way by MS.

Elevation means to run a new process using a different token with admin rights. Setting this token while running is only possible with a process that runs with admin rights (e.g. service) or calls LogonUser.

BTW: A process cannot be "inside" another one. Instead a process can be a child process.
0
 
peprAuthor Commented:
Thanks all for the help. ;)
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now