Create an elevated process using driver or service

Hello there,

I want to create an elevated process without having an admin user's password. I have both kernel driver and Windows service. How can I do that? Any help is appreciated.

Thanks in advance

Since you have the Windows Service already set up, is it based on a custom App.exe?

Isn't your service already running as a privileged user?

@D18x @Tim_Roberts Yes sir, but I have another application that I want to run with elevated privilege under certain conditions. So how can I do it from the service, like the Application Information service on Windows that handles UAC elevation?

It is intentionally difficult to do something like this. Perhaps if you explain your larger goal, we might be able to suggest something that helps.

OK. I want to replace the UAC on the system. I am able to detect the process that wants to elevate from "Run as Administrator" menu. When I click "Run as Administrator" on cmd for example, I can detect it. At this point, I want to decide if the process should be elevated or not. If it should, I want to start that process elevated.
Based on my example, how can I start elevated cmd from my service which is running as SYSTEM?

I don't think there is a reasonable use case for that goal.

If you want to somehow make the criteria for launching elevated processes more restrictive than the standard ACL, you shouldn't need to launch the process yourself. You just intercept it and abort it if you think you should. You don't do that from your service. I can tell you how, but I'm not sure I should.

If you want to make the criteria less restrictive, then you are proposing malware. The same if you just want to hijack the standard menu and do your own thing.

It's for restriction and automation. So when a limited user wants to elevate a process, if it's in the application's whitelist, it should be auto-elevated. I get your point, but this is how it's designed. Can you tell me the process creation method please?

I have probably said too much already on a public forum. [mods: no, but you’re getting close :grinning:]

Maybe you already know how to intercept the request. If not, [mods]…

Look at the definitions of process stations and desktops. As local system you have access to lots of stuff.

No. You want to bypass UAC. There’s a group policy for that. Otherwise, this is a gateway for malware and we’re not helping.

Mine should be similar to this one
I know, you might say it doesn't make sense, but this is what they want.
I figured that out anyway. I'll paste the code after my tests are done, so that the next person reading this thread will find it helpful.

Hmmm… no.

Look: if you’re an admin, you can disable UAC. But we’re not going to condone, or help with, actively bypassing UAC on a system where UAC is enabled. That is the definition of malware.

I hope that’s clear.

Do not post any code here that does this, please. Cuz I’ll just have to delete it.

It's not that it doesn't make sense. It's that it is actively dangerous. It is an enormous security risk. An ethical programmer would advise their client that this approach is unacceptable.


You know what? I'm just going to go ahead and lock this thread.

The bonus for me is that I get to use the "close" button on this new Community site, which I've never had the chance to use before. :upside_down_face: