12Ghosts - RunAsStdUsr
Start programs at the end of your setup un-elevated. Setup programs usually run with full administrator rights (elevated) to be able to write to Program Files. Programs started from setup would also run elevated. This is not a good idea, since it is YOUR program that undermines the security of the system.
This tool starts a program with the (low) rights of the currently logged on user, un-elevated. You can pass a program path and command line parameters.
Does not depend on Windows task scheduler to be running, and does not depend on explorer.exe to be running un-elevated.
Does not show a dialog box or anything else on the screen. Does not leave tracks behind, no temp files, no registry keys.
This program creates its own service. The service starts the application un-elevated in the context of the currently logged-on user. All profile settings are available (including the user's desktop).
Just use our program in your installation! All you need to do is call 12runas.exe with the application path as parameter. No API, no parameters. For example:
ShellExecute(NULL, NULL, "<path>\\12runas.exe", "<path to your program> <optional params>", NULL, SW_SHOWNORMAL);
See C/C++ sample code here.
Start a pre-setup program, non-elevated, then start the real setup program but keep the first program running. When the real setup has finished, the first, non-elevated module starts the application.
May NOT work if the first program is renamed to something with "setup" in the name. Also, the Windows heuristics that determine which program needs elevation may come to the wrong conclusion, so that the first program is elevated automatically. It doesn't work either if the user starts the first program with "Run as Administrator".
Hook the message proc of explorer.exe. A DLL is loaded into Explorer, which hopefully (!) is not elevated. Send a message to Explorer, intercept that in the DLL, then start the application.
May NOT work if Explorer is elevated. Usually it is not; however, it may be started elevated, even without the user being aware of it. For example, if TaskMgr is set to "Show processes for all users", it actually runs elevated. If a user doesn't shut down his computer but only sends it to sleep, TaskMgr could have been running in elevated mode for weeks. Eventually Explorer crashes, so you call up TaskMgr and run explorer.exe from File -> New Task (Run). Since TaskMgr is elevated, so is explorer.exe. This certainly is not what you want!
Create a new task programmatically. Task Scheduler then starts the application.
May NOT work if Task Scheduler is not installed.
Great idea, just doesn't work because the Least-Privilege User Account (LUA) token is not passed to the elevated program.
The only viable solution we have found is to write a service, figure out how to pass parameters to the service, get headaches when trying to impersonate the currently logged on user, and try to fix all loose ends. You can just use our tool. Licensing is simple and very affordable.
Only 12runas.exe and 12srvc.exe.
Just start 12runas.exe with the path to your program as parameter. (Sample code).
Enclose the path in double-quotation marks and add any parameters after the path. (Sample code).
If you are going to start more programs, you can speed things up. Tell 12-RunAs to keep its service running with the parameter /keeprunas. Otherwise the service is stopped and deleted after the call. Make sure to add this before the quoted path and other parameters. (Sample code).
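The quoting and ordering rules above, as an added example (not 12Ghosts' own sample code): a helper that assembles the parameter string for 12runas.exe and refuses input that would break the quoting. The function names, the 1024-byte buffer and the SW_SHOWNORMAL show command are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#include <shellapi.h>
#endif

/* Build the parameter string for 12runas.exe as the page describes:
 * optional /keeprunas first, then the quoted program path, then parameters.
 * Returns 0 on success, -1 on bad input or if the buffer is too small. */
int build_runas_params(char *out, size_t outlen, const char *program,
                       const char *args, int keep_service)
{
    if (!out || !program || program[0] == '\0')
        return -1;
    /* A double quote is not valid in a Windows path; refusing it keeps the
     * program path from spilling into the argument list. */
    if (strchr(program, '"'))
        return -1;
    int have_args = (args && *args);
    int n = snprintf(out, outlen, "%s\"%s\"%s%s",
                     keep_service ? "/keeprunas " : "",
                     program,
                     have_args ? " " : "",
                     have_args ? args : "");
    /* Treat truncation as an error instead of launching a cut-off path. */
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

#ifdef _WIN32
/* Hypothetical helper: start `program` un-elevated through 12runas.exe.
 * runas_exe is the full path to the 12runas.exe shipped with the setup.
 * Note the doubled backslashes needed in C literals: "\12" is an octal escape. */
int launch_unelevated(const char *runas_exe, const char *program,
                      const char *args, int keep_service)
{
    char params[1024];
    if (build_runas_params(params, sizeof params, program, args, keep_service))
        return -1;
    /* ShellExecute returns a value greater than 32 on success. */
    HINSTANCE r = ShellExecuteA(NULL, NULL, runas_exe, params, NULL, SW_SHOWNORMAL);
    return ((INT_PTR)r > 32) ? 0 : -1;
}
#endif
```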
Start 12-RunAs with the parameter /stoprunas. (Sample code).
If 12-RunAs is started non-elevated it launches the program directly un-elevated.
Yes, the 12Ghosts setup does exactly the same. 12-SetupSFX has an option to include 12-RunAs.
12Ghosts™ Power Tools © 1993-2011 12Ghosts Inc. All rights reserved.