Re: VS2005/Vista issues



This question was based on the earlier reply in this thread:

Actually there is BIG difference. A "limited" process running under
administrator account can open a handle to an "elevated" process with full
access rights and screw with it any way it wants - run a remote thread,
inject code, etc. It's like being on the other side of the fence, but still
having a key to the gate. So it's just an illusion of protection.

A process running under "true" limited user CANNOT open handle to an
administrator process. It even cannot send arbitrary windows messages to it.

This suggests that if I make myself an administrator account (add my account to the
administrator group) then I would NOT be subjected to the limitations of my current
account. I want code that runs under my login account to have all the llimitations of an
ordinary user (including to being able to set hooks, etc.), but if I run a program that
wants privileges (as specified in its manifest) then it will prompt me, and I can simply
click one mouse button to get them, so I can do the things I need to do without massive
hassle while still getting a credible representation of what end users will normally see.
joe

On Sun, 17 Jun 2007 14:34:49 -0700, "David Ching" <dc@xxxxxxxxxxxxxxxxxxxxxx> wrote:

"Joseph M. Newcomer" <newcomer@xxxxxxxxxxxx> wrote in message
news:76sa735dfhre15c27imnich4aena0erps7@xxxxxxxxxx
Actually, it is reasonably important to me that under "normal" operating
conditions that I be unable to set hooks or send messages to elevated
processes. Yet I still need to be able to get privileges when I need them,
but not be annoyed by having to type a password each time. It sounds like
these are incompatible goals.

I don't know what the problem is. Under "normal" conditions, you WON'T be
able to set hooks or send messages to elevated processes. The only way to
do so is to first elevate your process. For an Admin account, all you have
to do is click OK when the screen darkens, not type in a password. What
about this situation do you not like?

-- David

Joseph M. Newcomer [MVP]
email: newcomer@xxxxxxxxxxxx
Web: http://www.flounder.com
MVP Tips: http://www.flounder.com/mvp_tips.htm