Solved

How to elevate rights programmatically for the application in Windows 7

Posted on 2010-08-18
6
3,798 Views
Last Modified: 2012-05-11
Hi,

Our C++ application (native, unmanaged code) checks whether some essential DLLs are registered.  If not, it tries to register them.  In other words, the automatic registration must be done when the application is executed for the first time.  Second and next times this is not to be repeated.

The application is installed by copying to certain directory (no installer yet).

The situation is complicated on Windows Vista or Windows 7 because even the administrator must explicitly elevate the rights.  Currently, he or she can do it during launching the application via right-click on the app icon and choosing the "Run as administrator".  However, it is not convenient and we have to explain it again and again to the users who install the application.

My question is: Can the application elevate the right automatically when it decides so?  I understand that it should not be done silently -- the UAC warning is OK in this case, no problem.

Thanks,
    Petr
0
Comment
Question by:pepr
6 Comments
 
LVL 2

Accepted Solution

by:
jayaram13 earned 200 total points
ID: 33463773
0
 
LVL 6

Assisted Solution

by:ChristianWimmer
ChristianWimmer earned 200 total points
ID: 33463775
Easy.

1. User runs your app.
2. Test whether your app is running as admin,
 a. if yes, register your dlls and go to 4.
 b. if not continue to 3.
3. Call ShellExecuteEx with parameter verb = runas and call you app a second time with some parameter that says register dlls or similar. Your first process must wait (WaitForSingleObject) on the process handle returned by ShellExecuteEx.
Check the return value of ShellExecuteEx (also see msdn docs) and also if your DLL registration was successfull, then proceed with 4.
4. continue to run

This also works on XP btw. In this way you'll get a logon dialog where an admin can input his credentials.
0
 
LVL 9

Assisted Solution

by:Subrat (C++ windows/Linux)
Subrat (C++ windows/Linux) earned 100 total points
ID: 33471336
Take look at ImpersonateLoggedOnUser() in MSDN

U also can use a manifest file to do the same.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 29

Author Comment

by:pepr
ID: 33482296
Thanks for your suggestions.  To clarify the things, the application should be installed and first-time executed by a local administrator.  This way, the impersonation does not seem to be neccessary.  Only the elevation of the existing rights is the goal.

If I understand it well, the elevation can be done only when the process starts.  No way to elevate the rigts temporarily for the running process.  This way it seems that to do the registration of DLLs or other actions that require elevated righs, the separate, helper application could be created for the purpose.  The helper application would be executed (with elevated rights) from inside the main application and it will wait until the helper quits.  After that, it can continue.

Is it reasonable?  
0
 
LVL 6

Assisted Solution

by:ChristianWimmer
ChristianWimmer earned 200 total points
ID: 33482818
Yes, this is the suggested way by MS.

Elevation means to run a new process using a different token with admin rights. Setting this token while running is only possible with a process that runs with admin rights (e.g. service) or calls LogonUser.

BTW: A process cannot be "inside" another one. Instead a process can be a child process.
0
 
LVL 29

Author Closing Comment

by:pepr
ID: 33482888
Thanks all for the help. ;)
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You may have a outside contractor who comes in once a week or seasonal to do some work in your office but you only want to give him access to the programs and files he needs and keep privet all other documents and programs, can you do this on a loca…
When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
The viewer will be introduced to the technique of using vectors in C++. The video will cover how to define a vector, store values in the vector and retrieve data from the values stored in the vector.
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question