Re: Permissions again

Tech-Archive recommends: Fix windows errors by optimizing your registry

mayayana escribió:

* I edit C:\documents and settings\desktop.ini
as Admin: Access denied, even though I have
full permission.

How are you reading the permissions?

But the fake Admin is limited
to right-click Run As Admin, commandline, and scenarios
where Windows shows an elevation prompt. If your
software is not asking for Admin rights via manifest
then fake Admins will never be given a chance to elevate.

As I said before, that's good enough for me. If
I get access denied then at least I can know that
and inform the person that they need to elevate.

You can request to elevate without manifiest:

Private Declare Function ShellExecute Lib "shell32.dll" Alias _
"ShellExecuteA" (ByVal hwnd As Long, ByVal lpOperation As _
String, ByVal lpFile As String, ByVal lpParameters As String, _
ByVal lpDirectory As String, ByVal nShowCmd As Long) As Long

Private Declare Function IsUserAnAdmin Lib "shell32" () As Long

Private Sub Form_Load()
If IsUserAnAdmin = 0 Then
ShellExecute Me.hwnd, "runas", App.Path & "\" & _
App.EXEName & ".exe", Command, vbNullString, 0
End
End If
End Sub

You also should check the OS version because the API function IsUserAnAdmin is not available in older Windows.
Or use this other method: http://vbnet.mvps.org/index.html?code/network/isadministrator.htm

Compile and run. The key is the word "runas" in the lpOperation parameter. It request to run as admin.

I was just trying to get a better
understanding, write a complete set of functions,
and invite feedback. So.... we both have what we
need now and no one else seems to be interested. I
guess we're done. :)

:)
.

Relevant Pages

  • Re: Adding XP in another partition users into Vi$ta
    ... When logged in as a standard user, when you elevate you are logging in with the credentials you supply to the elevation prompt and the elevated program is running under those credentials. ... Most non-elevated processes are assigned medium integrity, while an elevated process is assigned high integrity. ... Then I let user Y to take control of the folder, ... When an SID is created by a limited user with an admin token ...
    (microsoft.public.windows.vista.security)
  • Re: LogonUser
    ... > are the Admin. ... Private Declare Function CloseHandle Lib "kernel32" ... Dim lpPassword As String ...
    (microsoft.public.vb.winapi)
  • Re: Mac OS X hacked under 30 minutes
    ... privileges to admin and to root without needing to enter admin or root ... can use these flaws to elevate its privileges to admin/root behind the ...
    (comp.sys.mac.advocacy)
  • Re: VS2005/Vista issues
    ... Right-click the shortcut and click on Properties. ... An Admin account doesn't prompt for a password to elevate. ...
    (microsoft.public.vc.mfc)
  • Re: Mac OS X Security - Not Quite as Strong as you Thought
    ... "Under Mac OS, there is a ROOT USER account, ... and Admin and others are more limited. ... The admin users can elevate to ... The root account does not behave this way. ...
    (comp.sys.mac.advocacy)