Solved

Can a Windows Service launch an application with administrative privileges in Windows Vista?

Posted on 2010-08-27
10
743 Views
Last Modified: 2013-12-04
Hello Experts,

I've been reading around and trying all kinds of things to make my Windows Service launch another application (either by ShellExecute, ShellExecuteEx, or CreateProcess, etc.) with administrative privileges in Windows Vista.

It is unclear to me whether or not this is even possible.

Right now, I have it where the service launches the application, and in task manager the application's "User Name" says the name of an administrative account, but the application won't do what I want it to (specifically control the mouse by using the .NET Cursor.Position and invoke mouse_event() from user32.dll) unless I manually stop the application from task manager, right click on it in its folder and select "Run as administrator".

Is there a way to do this? Any way at all?

Thanks for your help!
0
Comment
Question by:ehensens
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
10 Comments
 
LVL 2

Expert Comment

by:Nol888
ID: 33546354
Using the ShellExecute function (http://msdn.microsoft.com/en-us/library/bb762153%28VS.85%29.aspx), and setting lpOperation to "runas" should do the trick.
0
 

Author Comment

by:ehensens
ID: 33546450
Thanks for your response,

I've already tried that. I'm pasting the exact code I used below. It did not launch the application at all. Could this be because I'm trying to launch the application from within a Windows Service?

Furthermore, I know that the application itself launches when I use CreateProcess(), it just doesn't launch with administrative privileges.

Any ideas?

HINSTANCE hInst = ShellExecute(NULL, _T("runas"), _T("theapplication.exe"), NULL, NULL, SW_HIDE);

Open in new window

0
 
LVL 2

Expert Comment

by:Nol888
ID: 33546523
Try fully qualifying the path to the application. In addition, record (somehow) the return value of ShellExecute. It'll help to determine the reason why the application doesn't launch. If I recall correctly, services are not allowed to interact with the desktop so perhaps the elevation prompt fails to activate.
0
Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

 

Author Comment

by:ehensens
ID: 33546727
Thanks for the advice.

Specifying the fully qualified path to the application did indeed make the Windows Service launch it, but it still did not have full administrative privileges.

I know this because it wouldn't control the mouse when it was launched by the Windows Service, but it did control the mouse when I manually ended it and started it up again as an administrator.

Any ideas?

Thanks!
0
 
LVL 2

Accepted Solution

by:
Nol888 earned 500 total points
ID: 33546834
I suspect the issue is that Windows Services and presumably processes launched by a Windows Service cannot interact with a user session, for security purposes. They run on a separate desktop.
0
 

Author Comment

by:ehensens
ID: 33546867
Thanks.

My guesses are starting to lean in that direction as well.

However, I would really like to know for sure.

Does anybody know of any Microsoft literature that says as much, or does anyone know for sure any other reason why this may not be possible?

I don't truly understand this concept of separate desktops, is there any way I can launch a process with administrative privileges on a different desktop (for instance, from the Windows Service desktop to the user's desktop)?

Any ideas at all?

Thanks!
0
 
LVL 2

Expert Comment

by:Nol888
ID: 33546895
On XP and earlier, I believe there's a way to allow interaction, some group policy. However, for good practice you should follow the Vista guidelines.

Here's a similar problem posted on stackoverflow: http://stackoverflow.com/questions/1369236/how-to-run-console-application-from-windows-service
0
 
LVL 9

Expert Comment

by:Subrat (C++ windows/Linux)
ID: 33555628
Have a look on  ImpersonateLoggedOnUser()
0
 

Author Comment

by:ehensens
ID: 33558423
Thanks Subrat2009, but the whole issue is that the administrative user is not logged on, so I cannot impersonate him.
0
 

Author Closing Comment

by:ehensens
ID: 33579985
Although I have not seen anything from Microsoft indicating that what I'm after is not possible, I suspect that this is indeed the case.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

For a while now I'v been searching for a circular progress control, much like the one you get when first starting your Silverlight application. I found a couple that were written in WPF and there were a few written in Silverlight, but all appeared o…
For most people, the WrapPanel seems like a magic when they switch from WinForms to WPF. Most of us will think that the code that is used to write a control like that would be difficult. However, most of the work is done by the WPF engine, and the W…
The viewer will learn how to pass data into a function in C++. This is one step further in using functions. Instead of only printing text onto the console, the function will be able to perform calculations with argumentents given by the user.
The viewer will learn additional member functions of the vector class. Specifically, the capacity and swap member functions will be introduced.

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question