Logged user with vista rights elevation

[GuiD]

Hi all,
Happy new year ;-)

Here is my crazy issue.
Situation :
On vista, i have my admin account named "ADMIN" and another account named
"TOTO"
i created a C# application and launch it through "TOTO" account.
the application request Rights Elevation .
so when i start the application, Vista request ADMIN password to use this
account & rights...
My problem is : i no longer arrive to get TOTO Environnement Variables !
even the Vista Logged username TOTO is impossible to retrieve through my
application

i tried : Environnement.UserName ->ADMIN
Registry keys (HKEY_CURRENT_USER) : all are swapped to ADMIN
values ...
Security.Permission ... namespace : Same result !

This issue make me crazy !!! if anyone know how to ...
Thanks in advance
GuiD

 

[Willy Denoyette [MVP]]

Hi all,
Happy new year ;-)

Here is my crazy issue.
Situation :
On vista, i have my admin account named "ADMIN" and another account named
"TOTO"
i created a C# application and launch it through "TOTO" account.
the application request Rights Elevation .
so when i start the application, Vista request ADMIN password to use this
account & rights...

How did you launch the application, some code would be a great help.

My problem is : i no longer arrive to get TOTO Environnement Variables !
even the Vista Logged username TOTO is impossible to retrieve through my
application

If you start an application to "runas" ADMIN, you no longer have access to
TOTO's environment, you are running in ADMIN's context, what did you expect
otherwise?
Anyway, show us your code and tell us why you need to run elevated?

Willy.

 

[Marra]

I think the problem might be how your software was installed.

Dont install it as an admin !
Install it as the TOTO user.

 

[GuiD]

Hi Willy & Marra,
Thanks for your answer
The fact is my application need admins rights because i use low level stuff
(developped in C++) who requires Admin rights and if my C# Application is
not elevated, i experience Side by Side configuration issues ...

My elevation is requested by using a [ApplicationName].exe.Manifest & a post
build events to embend it after compilation.

My needs are pretty simple, i offer to current user services to handle data
contained in part in his Documents folder (Users\toto ... \Documents ..
\Pictures ) ...

but in my case, Documents, Pictures ...etc are targetting ADMIN folders ...

Regards,
Guid

 

[Nicholas Paldino [.NET/C# MVP]]

GuiD,

Well, there is a misunderstanding on your part about rights.
Applications do not have rights. It is the users running them that do. If
you want your app to be able to perform an administrative function, you have
to run it with a user that has those rights.

Now, if you want to run it as an admin, but act on another account, you
will have to query the user for the user to perform these services for, and
then proceed from there.

--
- Nicholas Paldino [.NET/C# MVP]
- (e-mail address removed)

Hi Willy & Marra,
Thanks for your answer
The fact is my application need admins rights because i use low level
stuff (developped in C++) who requires Admin rights and if my C#
Application is not elevated, i experience Side by Side configuration
issues ...

My elevation is requested by using a [ApplicationName].exe.Manifest & a
post build events to embend it after compilation.

My needs are pretty simple, i offer to current user services to handle
data contained in part in his Documents folder (Users\toto ... \Documents
.. \Pictures ) ...

but in my case, Documents, Pictures ...etc are targetting ADMIN folders
...

Regards,
Guid

How did you launch the application, some code would be a great help.


If you start an application to "runas" ADMIN, you no longer have access
to TOTO's environment, you are running in ADMIN's context, what did you
expect otherwise?
Anyway, show us your code and tell us why you need to run elevated?

Willy.

 

[Willy Denoyette [MVP]]

Hi Willy & Marra,
Thanks for your answer
The fact is my application need admins rights because i use low level
stuff (developped in C++) who requires Admin rights and if my C#
Application is not elevated, i experience Side by Side configuration
issues ...

My elevation is requested by using a [ApplicationName].exe.Manifest & a
post build events to embend it after compilation.

My needs are pretty simple, i offer to current user services to handle
data contained in part in his Documents folder (Users\toto ... \Documents
.. \Pictures ) ...

but in my case, Documents, Pictures ...etc are targetting ADMIN folders
...

This is what I understand from what you are telling, a user "TOTO" starts a
program A, that on it's turn starts another program B, to run as ADMIN
(elevated), and you expect that this program can access the profile of TOTO,
right?
Well, if that's the case, I would like to know how A starts B, more
precisely I would love to see the code that starts B.

Willy.

 

[GuiD]

Sorry willy, i havn't source code here, i'm in france and here is
Midnight:30

My C# Application (with Manifest embended to request Rights elevation so
used in ADMIN account mode)
communicate with a COM ActiveX.
the ActiveX Launch low level DLL (impossible for me to import them, or only
by LoadLibray & GetProcAddress ... this solution was not retained by
Architects)
Low level Dlls constitude the Core engine of the application.

i'm not sure to understand why you're talking about Program A & B, there is
only one C# Program, used to display interfaces, and give information to low
level dlls; like the current user logged.

I cannot run my application with a standard user without errors.
I feel dirty because by clicking Start Menu, i can see i'm logged with toto
but i do not find any way to get this information with my program...
i was happy to find a solution : Get the user name of explorer.exe process,
but with two session logged, i 've got 2 explorer processes ;-( lol

Thinks for you interest, i still looking for a hack to bypass a eventual
query to user...
Regards,
GuiD

Hi Willy & Marra,
Thanks for your answer
The fact is my application need admins rights because i use low level
stuff (developped in C++) who requires Admin rights and if my C#
Application is not elevated, i experience Side by Side configuration
issues ...

My elevation is requested by using a [ApplicationName].exe.Manifest & a
post build events to embend it after compilation.

My needs are pretty simple, i offer to current user services to handle
data contained in part in his Documents folder (Users\toto ... \Documents
.. \Pictures ) ...

but in my case, Documents, Pictures ...etc are targetting ADMIN folders
...

This is what I understand from what you are telling, a user "TOTO" starts
a program A, that on it's turn starts another program B, to run as ADMIN
(elevated), and you expect that this program can access the profile of
TOTO, right?
Well, if that's the case, I would like to know how A starts B, more
precisely I would love to see the code that starts B.

Willy.

 

[Nicholas Paldino [.NET/C# MVP]]

GuiD,

You are ignoring the most important point here. When Vista requests
rights elevation, it is doing so before your program runs. You then enter
the credential information for an account with administrator privledges, and
then it runs the program under THAT account. You can't figure out the
account that started the process because for all intents and purposes, it's
the administrator account that started the process.

You have to query for the user, and not make assumptions, or try to
discern which account originally requested rights elevation, because you
can't get this information otherwise.

If this was on XP, and not Vista, your program would just fail inside
the program because your regular user doesn't have the appropriate
permissions required to run your app. You would have to select "Run As" (or
log in as an administrator) and run the program that way. You would ^still^
need to query for the user you want to perform these actions for.


--
- Nicholas Paldino [.NET/C# MVP]
- (e-mail address removed)

Sorry willy, i havn't source code here, i'm in france and here is
Midnight:30

My C# Application (with Manifest embended to request Rights elevation so
used in ADMIN account mode)
communicate with a COM ActiveX.
the ActiveX Launch low level DLL (impossible for me to import them, or
only by LoadLibray & GetProcAddress ... this solution was not retained by
Architects)
Low level Dlls constitude the Core engine of the application.

i'm not sure to understand why you're talking about Program A & B, there
is only one C# Program, used to display interfaces, and give information
to low level dlls; like the current user logged.

I cannot run my application with a standard user without errors.
I feel dirty because by clicking Start Menu, i can see i'm logged with
toto but i do not find any way to get this information with my program...
i was happy to find a solution : Get the user name of explorer.exe
process, but with two session logged, i 've got 2 explorer processes ;-(
lol

Thinks for you interest, i still looking for a hack to bypass a eventual
query to user...
Regards,
GuiD

Hi Willy & Marra,
Thanks for your answer
The fact is my application need admins rights because i use low level
stuff (developped in C++) who requires Admin rights and if my C#
Application is not elevated, i experience Side by Side configuration
issues ...

My elevation is requested by using a [ApplicationName].exe.Manifest & a
post build events to embend it after compilation.

My needs are pretty simple, i offer to current user services to handle
data contained in part in his Documents folder (Users\toto ...
\Documents .. \Pictures ) ...

but in my case, Documents, Pictures ...etc are targetting ADMIN folders
...

This is what I understand from what you are telling, a user "TOTO" starts
a program A, that on it's turn starts another program B, to run as ADMIN
(elevated), and you expect that this program can access the profile of
TOTO, right?
Well, if that's the case, I would like to know how A starts B, more
precisely I would love to see the code that starts B.

Willy.

 

[Willy Denoyette [MVP]]

Sorry willy, i havn't source code here, i'm in france and here is
Midnight:30

My C# Application (with Manifest embended to request Rights elevation so
used in ADMIN account mode)
communicate with a COM ActiveX.
the ActiveX Launch low level DLL (impossible for me to import them, or
only by LoadLibray & GetProcAddress ... this solution was not retained by
Architects)
Low level Dlls constitude the Core engine of the application.

i'm not sure to understand why you're talking about Program A & B, there
is only one C# Program, used to display interfaces, and give information
to low level dlls; like the current user logged.

I see, you are logged on to Windows as TOTO, but at program start, you
specify the credentials of ADMIN when prompted for consent.
That means that your program gets started as ADMIN, with the profile (and
environment) of ADMIN loaded in the process, by the OS. A process in Windows
can only have one profile loaded, so you can't access to the logon users
(TOTO) profile.
I don't know what you mean with "launch low level DLL" , DLL's are not
launched, nor do I know what you mean with "COM ActiveX ", is this an
out-proc COM server (exe) or an in-proc server (dll)?
If it's an out-proc server, then there is no need to run your program as
ADMIN, you only have to run the out-proc COM server as ADMIN (elevated).


Willy.

 

[GuiD]

Hy,
Active X is .ocx ...
Anyway i finally found a simple solution ... (Thanks willy, you help me...)
i create a classic program named launcher.exe who run with current user (non
elevated)
this program retrieve current user info (Environment.UserName etc...) and
launch my elevated application with username in startinfo arguments ...
i'm sorry that i don't provide more information about my application but
it's an important risk for me to say more about ... with my boss who is not
agree we talk about our software solution...

Thanks Nicholas & Willy for your help,
best regards,
GuiD