We have a lot of clients within our domain that are not constant connected with our network. Our users are working on small (sometimes disconnected) local networks with different types of network printers (usually provided by us). Within this small network there are also people NOT enlisted in our domain (partners, employers,..) that need these printers. Some of these users are local administrators but most are not.
My goal is to (dynamically) create an installer for each printer so the user may run this installer either from our network, usb, cd,.. so the local tcp/ip port is created, the printerdriver gets installed and the printer gets added.
My problem lies in obtaining sufficient rights to perform the installation.
(1) IF (and only IF!) the local user is an administrator, the installer should launch an elevated app to handel the installation.
(2) IF the user is a member of our domain but he is NOT a local administrator, the installer should use a local administrator account that was added by our policies.
I know how to run an elevated process which brings up the UAC for confirmation and i know how to impersonate another user..
But when trying to Elevate a command while impersonating i never get to see an elevation confirmation.. Which is logical and normal.
Any tips or tricks? Anyone?
What'ya know.. it seems to be possible after all. I first used an impersonation that fired the elevation prompt which didn't work. It's actually even more easy.
Here are the stripped down basics:
[FirstApp]
var str = "%My Administrator Password%";
var pwd = new System.Security.SecureString();
foreach(char c in str) pwd.AppendChar(c);
ProcessStartInfo psi = new ProcessStartInfo();
psi.UseShellExecute = false;
psi.WorkingDirectory = #"C:\path";
psi.FileName = #"C:\path\SecondApp.exe";
psi.UserName = "%My Administrator UserName%";
psi.Domain = "%My Administrator Domain%";
psi.Password = pwd;
psi.Verb = "runas";
var proc = new Process();
proc.StartInfo = psi;
proc.Start();
[SecondApp.exe]
ProcessStartInfo psi = new ProcessStartInfo();
psi.UseShellExecute = true;
psi.WorkingDirectory = #"C:\path";
psi.FileName = #"C:\path\ElevatedApp.exe";
psi.Verb = "runas";
var proc = new Process();
proc.StartInfo = psi;
proc.Start();
Works for me. The simple user that fires FirstApp.exe see's the elevation prompt that get's executed as an elevated administrator.
Credit go to J. Robbins : http://www.wintellect.com/blogs/jrobbins/elevate-a-process-at-the-command-line-in-vista
Related
I have a C# Windows Service running under the LocalSystem account.
I need access to the Windows registry in this service. I assume that this is only possible when running as LocalSystem? Or can I install the service as User context and have access to HKEY_CURRENT_USER?
The systems where the service is used is normally just used by one user. So there will be just "one" HKEY_CURRENT_USER. Another option is, to setup Remote Apps not for one user, but for all users. But I have no idea how to do that. Currently I know only the way listed below by running rundll32.exe.
As a second requirement I need to execute rundll32.exe to create RemoteApp Connection.
The following Code is not working properly:
ProcessStartInfo startInfo = new ProcessStartInfo();
startInfo.CreateNoWindow = true;
startInfo.UseShellExecute = false;
startInfo.FileName = "cmd.exe";
startInfo.WindowStyle = ProcessWindowStyle.Hidden;
startInfo.Arguments = "/C rundll32.exe tsworkspace,WorkspaceSilentSetup C:\\RemoteConfig.wcx";
using (Process process = Process.Start(startInfo))
{
process.WaitForExit();
}
What must the Service be like to access HKEY_CURRENT_USER?
How can I run rundll32.exe? just running it directly caused some trouble when testing it in a console application. But with help of cmd.exe it worked.
I am trying to run an exe inside a console application. I am being prompted for UAC to enter admin credentials. The thing is i only have read and execute permissions. I cannot give full permissions as it is on a server.
using (Process process = new Process())
{
process.StartInfo.Verb = "runas";
process.StartInfo.FileName = ImgToDjvuPath;
process.StartInfo.Arguments = string.Format("\"{0}\" -profile \"{1}\" \"{2}\" \"{3}\"", ImgToDjvuPath, "fine200up", localNewDjvuFile, localNewDjvuFile);
process.StartInfo.WindowStyle = ProcessWindowStyle.Hidden;
process.StartInfo.CreateNoWindow = true;
process.Start();
process.WaitForExit(10 * 60 * 1000);
}
I want to be able to run this code and have it work without being prompted for uac.
This is why i do not like stack overflow, you ask a specific question and rarely get a specific answer. Then get marked down for asking a valid question. I figured it out about 2 minutes after i posted. Thanks to those to actually tried to help for being constructive and helping.
If you want to start a new process and if you want process to run as administrator, you need RunAs verb.
UAC prompt will be shown ONLY IF the process invoker does not have administrative rights.
For your case, if you do not want process to be executed as Admin, then you should remove below line from the code:
process.StartInfo.Verb = "runas";
At work we use Azure functions for simple tasks.
To debug or run the function you need a running Azure Storage Emulator.
The problem is that our developer accounts don't have admin privileges so we can't start the emulator ourselves.
For now we solve this by asking an admin to start it for us, but that works only until you restart/turn off the machine.
We tried many things for the emulator to start for each user( as if it was run by the admin) but nothing worked.
Here is one of the methods we tried. A simple program that runs at startup and starts the emulator. If you start it manually as admin it does the job and the emulator starts without problems.
But when scheduled to start(with the admin account) at startup or at logon it starts it but only for the admin account and not the current user.
Code for the program we run at startup:
internal class Program
{
private static void Main(string[] args)
{
System.Diagnostics.Process process = new System.Diagnostics.Process();
System.Diagnostics.ProcessStartInfo startInfo = new System.Diagnostics.ProcessStartInfo();
startInfo.WindowStyle = System.Diagnostics.ProcessWindowStyle.Normal;
startInfo.FileName = #"C:\Program Files (x86)\Microsoft SDKs\Azure\Storage Emulator\AzureStorageEmulator.exe";
startInfo.Arguments = "start";
process.StartInfo = startInfo;
process.Start();
}
}
Do you have any idea or suggestions how to solve the above problem ?
P.S:I have searched the related topics posted on StackOverflow for issues of the same kind but they ware not much help or the use-case was different.
:)
As per this link: the first time you run your emulator, the emulator environment will need to configure itself: it will create a database in LocalDB and it will register some HTTP ports. In order for the configuration process to succeed, you need administrator privilege.
The next time you'll run the storage emulator, you will no longer need administrator privilege.
So there is a tricky way, just for your reference.
you can use administrator to start the emulator, then wait for a few seconds(it finishes the inialization), stop emulator.
Then you can use normal user account to start it, it would be run for you.
Code like below:
with admin account:
private static void Main(string[] args)
{
System.Diagnostics.Process process = new System.Diagnostics.Process();
System.Diagnostics.ProcessStartInfo startInfo = new System.Diagnostics.ProcessStartInfo();
startInfo.WindowStyle = System.Diagnostics.ProcessWindowStyle.Normal;
startInfo.FileName = #"C:\Program Files (x86)\Microsoft SDKs\Azure\Storage Emulator\AzureStorageEmulator.exe";
startInfo.Arguments = "start";
process.StartInfo = startInfo;
process.Start();
//Wait for finished initialization
System.Threading.Thread.Sleep(TimeSpan.FromSeconds(10));
//After initialization, close the Emulator
Process[] processes = Process.GetProcessesByName("AzureStorageEmulator");
foreach (var p in processes)
{
p.Kill();
}
}
Then you can start Emulator again using your developer account, the code is similar to the above.
It maybe a not good choice, you can also submit an question on here.
I am working on a project where I have a Windows service running under Local System Account.
What I want to do is to start another process (C++ application) that should write files to disk.
If I just use Process.Start, then the target application also runs under Local System Account, and as far as I know I can not simply write files anywhere.
For this reason I'm trying to make the target application run as a different user.
ProcessStartInfo psi = new ProcessStartInfo(#"C:\Path\to\Application.exe", parameters);
psi.UseShellExecute = false;
psi.UserName = "Username";
System.Security.SecureString sec = new System.Security.SecureString();
foreach (Char c Password)
sec.AppendChar(c);
psi.Password = sec;
psi.Domain = ".";
psi.LoadUserProfile = true;
Process.Start(psi);
But I am getting a Win32 Exception telling me the "Acces is denied".
Does anybody know how I can achieve my goal?
Check the file system permissions. Does the user you are using have execute permissions for the specified application?
There is "Setup project" in VS. During installation I launch another process:
System.Diagnostics.Process process = new System.Diagnostics.Process();
//fill StartInfo and run call Start()
process.Start();
If I run installer under Windows 7 and install for "Everyone", process start under the SYSTEM. If I install "Just for me", process start under Current user. How do I always start process under Current user?
I have found very simple solution. All that you need it just create a new class and copy text from this link.
To launch the process call ProcessAsUser.Launch("program name");
I had a similar problem: My setup extension (custom action) needed Admin privileges which brought up an elevation box. After I start my application at the end of "Just for Me" the process had settings that were made for the admin context. For example my user account likes to see all extensions of files in Windows Explorer but the admin account was configured to hide them. So in every file open box I couldn't see the extensions. To cure this this piece of code worked:
ProcessStartInfo startInfo = new ProcessStartInfo(ShortcutTarget);
startInfo.LoadUserProfile = true;
startInfo.UseShellExecute = false;
Process.Start(startInfo);
It works only in "Just for Me" mode, in "Everyone" the admin's settings are used. But this is ok for me.
Use ProcessStartInfo class and its property UserName, then use it as argument for Process.Start static method.
ProcessStartInfo startInfo = new ProcessStartInfo();
startInfo.UserName = System.Security.Principal.WindowsIdentity.GetCurrent().Name;
Process.Start(startInfo);