Solved

Can a Windows Service launch an application with administrative privileges in Windows Vista?

Posted on 2010-08-27
10
739 Views
Last Modified: 2013-12-04
Hello Experts,

I've been reading around and trying all kinds of things to make my Windows Service launch another application (either by ShellExecute, ShellExecuteEx, or CreateProcess, etc.) with administrative privileges in Windows Vista.

It is unclear to me whether or not this is even possible.

Right now, I have it where the service launches the application, and in task manager the application's "User Name" says the name of an administrative account, but the application won't do what I want it to (specifically control the mouse by using the .NET Cursor.Position and invoke mouse_event() from user32.dll) unless I manually stop the application from task manager, right click on it in its folder and select "Run as administrator".

Is there a way to do this? Any way at all?

Thanks for your help!
0
Comment
Question by:ehensens
  • 5
  • 4
10 Comments
 
LVL 2

Expert Comment

by:Nol888
ID: 33546354
Using the ShellExecute function (http://msdn.microsoft.com/en-us/library/bb762153%28VS.85%29.aspx), and setting lpOperation to "runas" should do the trick.
0
 

Author Comment

by:ehensens
ID: 33546450
Thanks for your response,

I've already tried that. I'm pasting the exact code I used below. It did not launch the application at all. Could this be because I'm trying to launch the application from within a Windows Service?

Furthermore, I know that the application itself launches when I use CreateProcess(), it just doesn't launch with administrative privileges.

Any ideas?

HINSTANCE hInst = ShellExecute(NULL, _T("runas"), _T("theapplication.exe"), NULL, NULL, SW_HIDE);

Open in new window

0
 
LVL 2

Expert Comment

by:Nol888
ID: 33546523
Try fully qualifying the path to the application. In addition, record (somehow) the return value of ShellExecute. It'll help to determine the reason why the application doesn't launch. If I recall correctly, services are not allowed to interact with the desktop so perhaps the elevation prompt fails to activate.
0
 

Author Comment

by:ehensens
ID: 33546727
Thanks for the advice.

Specifying the fully qualified path to the application did indeed make the Windows Service launch it, but it still did not have full administrative privileges.

I know this because it wouldn't control the mouse when it was launched by the Windows Service, but it did control the mouse when I manually ended it and started it up again as an administrator.

Any ideas?

Thanks!
0
 
LVL 2

Accepted Solution

by:
Nol888 earned 500 total points
ID: 33546834
I suspect the issue is that Windows Services and presumably processes launched by a Windows Service cannot interact with a user session, for security purposes. They run on a separate desktop.
0
Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 

Author Comment

by:ehensens
ID: 33546867
Thanks.

My guesses are starting to lean in that direction as well.

However, I would really like to know for sure.

Does anybody know of any Microsoft literature that says as much, or does anyone know for sure any other reason why this may not be possible?

I don't truly understand this concept of separate desktops, is there any way I can launch a process with administrative privileges on a different desktop (for instance, from the Windows Service desktop to the user's desktop)?

Any ideas at all?

Thanks!
0
 
LVL 2

Expert Comment

by:Nol888
ID: 33546895
On XP and earlier, I believe there's a way to allow interaction, some group policy. However, for good practice you should follow the Vista guidelines.

Here's a similar problem posted on stackoverflow: http://stackoverflow.com/questions/1369236/how-to-run-console-application-from-windows-service
0
 
LVL 8

Expert Comment

by:Subrat (C++ windows/Linux)
ID: 33555628
Have a look on  ImpersonateLoggedOnUser()
0
 

Author Comment

by:ehensens
ID: 33558423
Thanks Subrat2009, but the whole issue is that the administrative user is not logged on, so I cannot impersonate him.
0
 

Author Closing Comment

by:ehensens
ID: 33579985
Although I have not seen anything from Microsoft indicating that what I'm after is not possible, I suspect that this is indeed the case.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Visual Studio 2015 locks debug executable 9 144
Problem to adjust sheet 1 86
Unable to start eclipse ? 17 134
What .NET website keeps me current? 9 58
Article by: SunnyDark
This article's goal is to present you with an easy to use XML wrapper for C++ and also present some interesting techniques that you might use with MS C++. The reason I built this class is to ease the pain of using XML files with C++, since there is…
IntroductionThis article is the second in a three part article series on the Visual Studio 2008 Debugger.  It provides tips in setting and using breakpoints. If not familiar with this debugger, you can find a basic introduction in the EE article loc…
The goal of the video will be to teach the user the difference and consequence of passing data by value vs passing data by reference in C++. An example of passing data by value as well as an example of passing data by reference will be be given. Bot…
The viewer will learn how to pass data into a function in C++. This is one step further in using functions. Instead of only printing text onto the console, the function will be able to perform calculations with argumentents given by the user.

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now