Re: how to set admin privilege
- From: "Tom Serface" <tom@xxxxxxxxxxxxx>
- Date: Fri, 18 Dec 2009 09:57:05 -0800
There isn't a good way to do that except through the mechanism that tells the OS to alert the user you want to run as admin. However, at least with the code I listed you can tell if that's happened or not and act appropriately. You could put it in your manifest to always force this condition, but if that's the case (unless you're an install program) I'd figure out another way to do what you're doing since that would be tedious for Vista and Win7 users trying to live in the security bounds. I think we're just living in a different world thanks to the nefarious types that want to wreck our computers for no good reason.
Tom
"Ashish" <akohli_2004@xxxxxxxxxxx> wrote in message news:#ZXOcN9fKHA.5792@xxxxxxxxxxxxxxxxxxxxxxx
Sorry for late reply..
Yes below code tells about status. Can you please give me any link which contains the code to change provolege at run time.
"Pete Delgado" <Peter.Delgado@xxxxxxxxxx> wrote in message news:Ofoey4ofKHA.5500@xxxxxxxxxxxxxxxxxxxxxxx
"Tom Serface" <tom@xxxxxxxxxxxxx> wrote in message news:uLIWkxnfKHA.6096@xxxxxxxxxxxxxxxxxxxxxxxJust to add to David's reply, here is a function I wrote that will tell you the current privileges so you could make the decision programmatically. You'l have to fill in the way you check the version (I use the XTreme Toolkit function.
This also works on Win7 (for me so far anyway).
You may also find this link informational:
http://en.wikipedia.org/wiki/User_Account_Control
Tom
bool IsRunningVistaElevated()
{
bool bRet = false;
TOKEN_ELEVATION_TYPE ptet;
if (/* Check OS version here XTOSVersionInfo()->IsWinVistaOrGreater() */) {
HANDLE hToken = NULL;
if (::OpenProcessToken(::GetCurrentProcess(), TOKEN_QUERY, &hToken)) {
DWORD dwReturnLength = 0;
if (::GetTokenInformation(hToken, TokenElevationType, &ptet, sizeof ptet, &dwReturnLength))
bRet = ptet == TokenElevationTypeFull;
::CloseHandle( hToken );
}
}
return bRet;
}
Tom,
Elevation is not the same as having administrative privileges. The OP asked for administrative privileges and your code simply tells the elevation status of the process token which is not the same thing.For example, if i were to create an account that has the SeImpersonatePrivilege privilege, then I can launch the process with this elevated token. Your code will correctly see that this is an elevated token, but yet this is not a user that is a member of the Administrators group.
With that being said, for most applications like the OP has created, it is far better for security to only require those permissions that the process actually needs. Requiring Administrator rights is heavy handed and was done in the XP days. I suggest that the OP have his code use the PrivilegeCheck function in conjuction with obtaining the elevation status of the token rather than using membership to a specific group in order to determine whether the process has the necessary rights to do something.
-Pete
- Follow-Ups:
- Re: how to set admin privilege
- From: Ashish
- Re: how to set admin privilege
- References:
- how to set admin privilege
- From: Ashish
- Re: how to set admin privilege
- From: Tom Serface
- Re: how to set admin privilege
- From: Pete Delgado
- Re: how to set admin privilege
- From: Ashish
- how to set admin privilege
- Prev by Date: Re: how to set admin privilege
- Next by Date: Re: Load RTF in Word
- Previous by thread: Re: how to set admin privilege
- Next by thread: Re: how to set admin privilege
- Index(es):
Relevant Pages
|
