Re: Manifests and requestedExecutionLevel


"Joseph M. Newcomer" <newcomer@xxxxxxxxxxxx> wrote in message
news:n1q793po9glnpmvos8kbrflaorrmevvqmj@xxxxxxxxxx
Actually, I don't need administrative rights; as far as I can tell, I'm
running as a
limited user. It's the integrity level, which I have to *reduce*, that is
giving me
problems. Or is the integrity level what is being addressed by
"administrative rights"?
It isn't clear, because it looks like two independent people are writing
about this stuff.

If integrity level is directly correlated with the rights, then why are
such meaningless
phrases as "asInvoker", "asAdministrator", etc. being used to describe
what the API thinks
of as UIPI Low, Medium, and High? Is "asAdministrator" ==
"SECURITY_MANDATORY_HIGH_RID"?
Or not? It is not at all clear. Since I am not running as an
administrator, I do not
want to see anything as "high". But I find that if I simply run my
program from the
shell, as a limited user (as opposed to under VS, which *is* running as
administrator)
then I *still* come up running as "High". So these levels apparently do
*not* correlate
with concepts like "running as administrator".

If I can raise rights, why can't I specify that an app should run with
*reduced* rights?

The problem is that I am currently running "High", so I can post messages
to the "Medium"
app, but it can't post back to me. But finding the app cannot be done in
InitInstance for
a variety of technical reasons, some of which I'm not at liberty to
explain (NDA and all
that)--it requires user interaction. But once the user has designated the
chosen target
app, an action that takes some effort, I have to relaunch if I discover
that my rights are
not == the rights of the app. Note that they *must* be ==, so running as
"administrator"
isn't right unless the target app is already at that level (again, I can't
discuss the
real details) and it is unlike the target app will be at that level.

It's a real pain to debug, because after I launch under VS, then relaunch,
I have to go
back to VS and attach to the new process. If VS had a way to specify the
integrity level
for launch, this would solve much of my current problem, although not the
long-term
deployment problem.

Dude, it's not that hard. Clearly if you need to send/post messages between
the two apps, then they must be running at the same MIC (Low, Medium, High,
System). What I suggest is you break your program into two .exe's. The
first one runs at the default MIC (or High, if necessary) and the user then
selects the target app somehow. Then this first one uses
CreateProcessAsUser to launch the second .exe with the MIC of the target one
(using the techniques described at
http://www.codeproject.com/vista-security/VistaElevator.asp).

FWIW, when people talk about standard user priviledge, that is Medium MIC.
And Admin user priviledge is High MIC. This is from Kenny Kerr article.
http://weblogs.asp.net/kennykerr/archive/2006/09/29/Windows-Vista-for-Developers-_1320_-Part-4-_1320_-User-Account-Control.aspx

-- David


.

Relevant Pages

  • Re: Manifests and requestedExecutionLevel
    ... It's the integrity level, which I have to *reduce*, that is ... If integrity level is directly correlated with the rights, ... app, but it can't post back to me. ... real details) and it is unlike the target app will be at that level. ...
    (microsoft.public.vc.mfc)
  • Re: Drag & Drop problems
    ... This is a new concept introduced by Vista to enhance security (otherwise, ... Every app has something called its "integrity level" which can be ...
    (microsoft.public.vc.mfc)
Loading