Solved

Can a Windows Service launch an application with administrative privileges in Windows Vista?

Posted on 2010-08-27
10
741 Views
Last Modified: 2013-12-04
Hello Experts,

I've been reading around and trying all kinds of things to make my Windows Service launch another application (either by ShellExecute, ShellExecuteEx, or CreateProcess, etc.) with administrative privileges in Windows Vista.

It is unclear to me whether or not this is even possible.

Right now, I have it where the service launches the application, and in task manager the application's "User Name" says the name of an administrative account, but the application won't do what I want it to (specifically control the mouse by using the .NET Cursor.Position and invoke mouse_event() from user32.dll) unless I manually stop the application from task manager, right click on it in its folder and select "Run as administrator".

Is there a way to do this? Any way at all?

Thanks for your help!
0
Comment
Question by:ehensens
  • 5
  • 4
10 Comments
 
LVL 2

Expert Comment

by:Nol888
ID: 33546354
Using the ShellExecute function (http://msdn.microsoft.com/en-us/library/bb762153%28VS.85%29.aspx), and setting lpOperation to "runas" should do the trick.
0
 

Author Comment

by:ehensens
ID: 33546450
Thanks for your response,

I've already tried that. I'm pasting the exact code I used below. It did not launch the application at all. Could this be because I'm trying to launch the application from within a Windows Service?

Furthermore, I know that the application itself launches when I use CreateProcess(), it just doesn't launch with administrative privileges.

Any ideas?

HINSTANCE hInst = ShellExecute(NULL, _T("runas"), _T("theapplication.exe"), NULL, NULL, SW_HIDE);

Open in new window

0
 
LVL 2

Expert Comment

by:Nol888
ID: 33546523
Try fully qualifying the path to the application. In addition, record (somehow) the return value of ShellExecute. It'll help to determine the reason why the application doesn't launch. If I recall correctly, services are not allowed to interact with the desktop so perhaps the elevation prompt fails to activate.
0
Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 

Author Comment

by:ehensens
ID: 33546727
Thanks for the advice.

Specifying the fully qualified path to the application did indeed make the Windows Service launch it, but it still did not have full administrative privileges.

I know this because it wouldn't control the mouse when it was launched by the Windows Service, but it did control the mouse when I manually ended it and started it up again as an administrator.

Any ideas?

Thanks!
0
 
LVL 2

Accepted Solution

by:
Nol888 earned 500 total points
ID: 33546834
I suspect the issue is that Windows Services and presumably processes launched by a Windows Service cannot interact with a user session, for security purposes. They run on a separate desktop.
0
 

Author Comment

by:ehensens
ID: 33546867
Thanks.

My guesses are starting to lean in that direction as well.

However, I would really like to know for sure.

Does anybody know of any Microsoft literature that says as much, or does anyone know for sure any other reason why this may not be possible?

I don't truly understand this concept of separate desktops, is there any way I can launch a process with administrative privileges on a different desktop (for instance, from the Windows Service desktop to the user's desktop)?

Any ideas at all?

Thanks!
0
 
LVL 2

Expert Comment

by:Nol888
ID: 33546895
On XP and earlier, I believe there's a way to allow interaction, some group policy. However, for good practice you should follow the Vista guidelines.

Here's a similar problem posted on stackoverflow: http://stackoverflow.com/questions/1369236/how-to-run-console-application-from-windows-service
0
 
LVL 9

Expert Comment

by:Subrat (C++ windows/Linux)
ID: 33555628
Have a look on  ImpersonateLoggedOnUser()
0
 

Author Comment

by:ehensens
ID: 33558423
Thanks Subrat2009, but the whole issue is that the administrative user is not logged on, so I cannot impersonate him.
0
 

Author Closing Comment

by:ehensens
ID: 33579985
Although I have not seen anything from Microsoft indicating that what I'm after is not possible, I suspect that this is indeed the case.
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

IntroductionThis article is the second in a three part article series on the Visual Studio 2008 Debugger.  It provides tips in setting and using breakpoints. If not familiar with this debugger, you can find a basic introduction in the EE article loc…
With most software applications trying to cater to multiple user needs nowadays, the focus is to make them as configurable as possible. For e.g., when creating Silverlight applications which will connect to WCF services, the service end point usuall…
The viewer will be introduced to the member functions push_back and pop_back of the vector class. The video will teach the difference between the two as well as how to use each one along with its functionality.
This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA. http://www.experts-exchange.com/videos/1478/Excel-Error-Handlin…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question