Comments (4)
Well, that's the expected behavior.
You see, the section of the code you posted here is in a loop. What we are trying to do is to go through all processes and see if any of them are in limited mode and then start our process using their token. Now if you remove the check, you effectively removed the whole logic for this method and the process starts with the token of the first process it finds.
Unfortunately, copying the token of a limited process is the only way to execute an application in the limited environment while the parent process is already elevated. So if the library can't find an unelevated process to copy the token from, it SHOULD throw an error; as it does now.
What I can suggest is to put your code in a try {} catch{}
block and capture the exception, then inform the user, execute the process normally, or use other methods like StartLimitedTask()
. You can also use the StartWithShell()
method if you don't care if the child process always ends up being limited. But this may also fail if the shell process is not running at the time.
from uachelper.
That is clear to me, we didn't understand each other. What i did propose is to change that if from
{
var elevationType = Tokens.GetTokenElevationType(processIdentity.Token);
if (elevationType == TokenElevationType.Limited ||
(elevationType == TokenElevationType.Default &&
!new WindowsPrincipal(processIdentity).IsInRole(WindowsBuiltInRole.Administrator)))
{
return StartAndCopyProcessPermission(process, startInfo);
}
}
to
{
var elevationType = Tokens.GetTokenElevationType(processIdentity.Token);
if (elevationType == TokenElevationType.Limited ||
elevationType == TokenElevationType.Default )
{
return StartAndCopyProcessPermission(process, startInfo);
}
}
because in my case, there is only Administrator user with no password, and there is no linked token, so a elevation type will be default and an extracted user from a process identity shell be in Administrator group so that function StartAndCopyProcessPermission will never be executed. So i simply removed that role check from if.
Is this ok to you?
Best regards.
from uachelper.
I see your point, and you can change what part of the library you want in your local version or your fork. After all, this is an open source project. You don't need my permission for it.
What I am trying to do is to describe the logic of that block so you end up with the result you want instead of the result you expect.
There are three elevation types, Limited
, Full
and Default
. Limited
and Full
types are only valid when the program is running under UAC SandBox and the Default
is the elevation type you get when the program is not in the UAC SandBox (usually when UAC is disabled). With Default
elevation you run your application with full user access, so if your user is an administrator, Default
means elevated execution, not limited. The whole use of this method to execute an application in limited mode and for that, I check if the user is not an administrator. By removing the check for the administrative role, you may end up with an elevated process instead of a limited one, so the method throws an exception, by design.
If this is what you want, why not simply capture the exception and start the process normally?
var startInfo = new StartInfo(.......);
Process process = null;
try {
process = UACHelper.StartLimited(startInfo);
} catch (InvalidOperationException) {
process = Process.Start(startInfo);
}
from uachelper.
I agree with you, that is behaviour i want. If a UAC is disabled, or in some case token can't be linked and elevation type is default and process can't run limited, i want it to start elevated.
Thanks for the solution.
Best regards.
from uachelper.
Related Issues (5)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from uachelper.