RE: out-of-proc activex and UAC




Hi Jialiang -

I think I had some really weird test environment issues yesterday, as today
I performed your test over again, and things work as long as I don't have a
manifest embedded within my EXE.

So, my next question would be, is there a way to create a new thread within
my EXE with elevated privileges. As I do need to run at a High Integrity
level so I can access files within the program files directory for our
application we are trying to work with?

Thanks,
William

"Jialiang Ge [MSFT]" wrote:

Hello William, thanks for the test result.

Before I analyze your test result and give further suggestions, would you
please have a look at the below test I just did on my side?

======================
My Tests

In Visual Studio 2005, I created an ATL EXE project named MyFirstEXE, added
an ATL Simple Object to it which exposes an interface: IMyTest1 and two
methods: MyMethod1, MyMethod2. Method1 does nothing but return S_OK. Method2
accesses Vista restricted resources like HKLM.

In addition, I created a web site with a piece of vbscript code:

Set obj = CreateObject("MyFirstEXE.MyTest1")
obj.MyMethod1
obj.MyMethod2

1. Test with an embedded UAC manifest with requestedExecutionLevel =
requireAdministrator

I register the COM server with the command MyFirstEXE.exe /regserver.

When I launch the web site in Windows XP, or Windows Vista with UAC
disabled, or Windows Vista with UAC enabled + IE run as Administrator, I
see the script runs successfully: the COM server is started with Integrity
Level = High and no error is reported in IE.

However, when I launch the web site in Vista (UAC) without elevating IE, I
see the script line:

Set obj = CreateObject("MyFirstEXE.MyTest1")

reports an error "The requested operation requires elevation" in the
left-bottom corner of IE after I "Allow" the prompt, and the MyFirstEXE
process is not started. This test result is very similar to yours. The only
difference is that the COM server EXE is started and quits quickly on your
side, but it does not get started on mine for lack of privilege.

2. Test without the manifest of requestedExecutionLevel =
requireAdministrator

When I launch the web site in Windows XP, or Windows Vista with UAC
disabled, or Windows Vista with UAC enabled + IE run as Administrator, I
see the script runs successfully: the COM server is started with Integrity
Level = High and no error is reported in IE. (Same as the test1)

However, when I launch the web site in Vista (UAC) without elevating IE, I
notice that CreateObject("MyFirstEXE.MyTest1") succeeds, and MyFirstEXE.exe
is started with Integrity Level = Medium according to my observation in
process explorer. obj.MyMethod1 also succeeds, but obj.MyMethod2 fails
because it tries to access some restricted resources in Vista (HKLM)
without elevation (The current IL = Medium, but the expected value to
access HKLM is High)

======================

In normal situations (Vista UAC enabled + IE protected mode without
elevation), the value "Policy = 3" in the Internet Explorer\Low
Rights\ElevationPolicy registry silently launches the broker as a medium
integrity process. Because your COM server exe (MyFirstEXE.exe in the above
example) requires Administrator privilege (IL = High), it conflicts with
the elevation level allowed by the broker. William, why did you add the
manifest requestedExecutionLevel = requireAdministrator to your ActiveX
EXE? Does the EXE need to access some restricted resources like c:\
directory or HKLM registry?

-- If no, I suggest that we remove the manifest and test the website again.
-- If yes, you would need to create broker processes to access high
integrity objects. See
http://msdn.microsoft.com/en-us/library/bb250462.aspx:

<quote>
You can also create broker processes to access high integrity objects. For
information describing how to launch broker processes with a high integrity
level, please see the Guidelines for Administrative User Applications
section of Developer Best Practices and Guidelines for Applications in a
Least Privileged Environment. Note that you do not need to create an
elevation policy because UAC will handle the elevation.
</quote>

William, you mentioned that the ActiveX EXE gets started very quickly and
then it exits. Is this consistent? Would you please use process explorer
(it should be run as administrator) and check its Integrity Level according
to the steps in my last reply? Process Explorer has a highlight duration,
so you will still have time to watch the process's IL even if it quits very
quickly.

If the process is in Medium Integrity level, is the method that throws the
error accessing some UAC restricted resources? If we call a method that
does nothing (like MyMethod1 in my above test), will it report the same
error?

You also mentioned the Buffer Overflow error logged by process monitor.
There are various reasons for this error. You may see the detail in the
Detailed Description column. By the way, do you see any error like "Access
Denied" in the procmon log?

If the above analysis is not helping you, do you mind sending a
reproducible ActiveX exe to me with source code if possible. I will test it
on my side and have a clearer picture of the problem. My mailbox is:
jialge@xxxxxxxxxxxxx

Regards,
Jialiang Ge (jialge@xxxxxxxxxxxxxxxxxxxx, remove 'online.')
Microsoft Online Community Support

=================================================
Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
msdnmg@xxxxxxxxxxxxxx

This posting is provided "AS IS" with no warranties, and confers no rights.
=================================================
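
The conflict described in the quoted reply (an ElevationPolicy entry with Policy = 3 pointing at an EXE whose embedded manifest requests requireAdministrator) can be checked on a machine with the script below. It is an added example, not part of the original thread: the function names are hypothetical, the manifest check is a heuristic over the raw file bytes, and entries registered by CLSID are listed without resolving their server path.

```powershell
# Added example: audit IE Protected Mode elevation policies on a Windows host.
$roots = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy',
         'HKCU:\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy'

# Policy values as documented for the ElevationPolicy key.
$meaning = @{
    0 = 'blocked from launching'
    1 = 'silent launch, low integrity'
    2 = 'user prompted, then medium integrity'
    3 = 'silent launch, medium integrity'
}

# Heuristic: an embedded manifest is stored as plain text inside the PE file,
# so the requested execution level can be found with a regex over the raw bytes.
function Get-RequestedExecutionLevel([string]$Path) {
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return $null }
    $text = [Text.Encoding]::ASCII.GetString([IO.File]::ReadAllBytes($Path))
    if ($text -match 'requestedExecutionLevel[^>]*?level\s*=\s*["''](\w+)') { return $Matches[1] }
    return 'none'
}

function Get-ElevationPolicyAudit {
    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $root) {
            $p = Get-ItemProperty -LiteralPath $key.PSPath
            if ($null -eq $p.Policy) { continue }   # subkey without a Policy value
            $exe = $null
            if ($p.AppPath -and $p.AppName) {
                $exe = Join-Path ([Environment]::ExpandEnvironmentVariables($p.AppPath)) $p.AppName
            }
            $level = if ($exe) { Get-RequestedExecutionLevel $exe } else { $null }
            [pscustomobject]@{
                Key      = $key.PSChildName
                Target   = if ($exe) { $exe } else { $p.CLSID }
                Policy   = [int]$p.Policy
                Meaning  = $meaning[[int]$p.Policy]
                Manifest = $level
                # Medium-integrity broker launch cannot satisfy a requireAdministrator manifest.
                Conflict = ([int]$p.Policy -eq 3 -and $level -eq 'requireAdministrator')
            }
        }
    }
}

Get-ElevationPolicyAudit | Sort-Object Conflict -Descending | Format-Table -AutoSize
```

Rows with Conflict = True are the brokers that will fail with "The requested operation requires elevation" when started from a non-elevated Protected Mode IE.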

