Prompt to restart a process for administrative privilege - c++

I am the only user and admin of my computer. My account doesn't have password because the computer is located in a secret room. I want to restart a process as administrator.
I don't want to change manifest because it makes the process to run always on administrative privilege.
I want administrative privilege only when I need it.
Using functions CreateProcessWithLogon, LogonUser and command tool runas.exe is not appropriate for me because I have no password.
What can I do? Moreover when I run an application as administrator, it prompts but it doesn't ask for password. Is there any way to make such a prompt?

Moreover when I run an application as administrator,it prompts but it doesn't ask for password.Is there any way to make such a prompt?
It would ask you for the password if you attempted to run the application as administrator from user account with limited user rights (non-admin).
If you wish to run under admin rights only when you really need them, you should split your application to two parts: one part would run under limited rights, the other, only capable to do the administrative actions and nothing more, would be run only at need (so it should not "run away").

Related

how to delete local machine registry key?

I need to delete some local machine registry keys, I tried all registry delete routines but the result is through admin account I cant do it. how can I set access rights of my application to system account using windows API routines???
I also used this routine RegDeleteKey but returned value 5 means access denied, I run my application under full admin rights
even manually open regedit with admin rights, I wont be able to delete local machine registry keys. for purpose I need system account rights.
i opened regedit with system account rights and i was able to delete local machine keys successfully. now i need to do this programmatically
You either need to run your application as an administrator (Run as administrator in the context menu of Explorer), or you need to add a manifest to your application, indicating that your application needs administrator rights. In the latter case, a UAC dialog will ask you for administrator credentials.

Create .exe in Qt with admin privilege

I've coded a programm that require to be run as an admin privileges. I'm aware that I can do that through going to property/Compatibility/Run as adminstrator in Windows but how can I do that if possible to make it programmatically, so that when launched programm automatically gained Adminstrator privilege level?
Yes, with an application manifest that requests admin privileges.
http://msdn.microsoft.com/en-us/library/bb756929.aspx
(This will still ask the user whether he wants that, of course. And if your account cannot have admin privileges, the user will also have to use Run As to choose a different account.)

Creating Firewall rule for a process running in a Non-admin user account

I have a basic requirement - to run my application smoothly on Windows by creating firewall rules when prompted, that has windows firewall turned-ON.
When I log in to my system as an user with Admin privileges when I run my application the first time, the firewall comes up with a prompt, I inform it to allow my app and create a rule, nice.
However when I turn-on my PC, log in as a non-Admin user, and I run my application, the firewall shows up with a prompt as expected; however when I click on the same options as I did from the Admin user, the firewall prompt keeps popping up continuously even though I clicked on Allow /ok every time the prompt appears. The prompt only goes away when I click on "Cancel / Block" the application from running, which is obviously not what I want to do.
So here comes the million $ question, What and How should I change my application code to run smoothly by creating the firewall rule successfully the first time I click on the firewall prompt to allow my application; exactly the same way it is working when I run my application as an user with Admin privileges.
I have done my bit of searching online and have come to understand that Non-admin users cannot modify firewall rules (cannot even create them???). BTW I have tested this scenario on Windows XP, Vista 7 both x86 and x64 with same results.
If someone has encountered and / or solved similar issues please share your knowledge. If I am missing something, please make me understand what I am missing.
Thanks
I don't think what you are trying is possible in a non-admin account. What you may try is to gain admin privilege by using the windows runas feature by creating a new process, so that the user is prompted for the username and password of the Admin Account, which would give your program the required access to create firewall rules for your program.
You may also take a look into CreateProcessAsUser or LogOnUSer . Basically in order to succeed in what you are trying to do, you need a token that represents the Administrator account or an account which has admin privileges.

How to check whether a user is in Administrator group in Install Shield 2009 Basic MSI Project

Install Shield 2009, Premier, Basic MSI Projcet:[I want to allow only administrator users to run setup]
In the
Releases->MyProductConfiguration->MyRelease->Setup.exe tab i chose "Required Execution Level" = "Invoker" and in
General Information->Product Properties I put a Install condition as Condition = "AdminUser" Message = "Require Admin user to run this..."
The problem is only the main Administrator can install it. Any other user say "Test" with Administrative privilege can't install and get the error message "Require Admin user to run this..."
So how to allow only those user who are in Admin group to install and restrict others.
the above problem you can achieve through Installscript
For example :
if(SYSINFO.WINNT.bWinNT) then
if ( !SYSINFO.WINNT.bAdmin_Logged_On) then
MessageBox(You must be logged in as admin, SEVERE);
abort;
endif;
endif;
First this will check for which O.S. then logged-in user is TRUE, the end user is logged on under NT with administator rights. or quit the application.
Hope this helps you...
There are (at least) two ways:
Check if SYSINFO.WINNT.bAdmin_Logged_On is TRUE. If so, the user has Administrator privileges.
Check if Is(USER_ADMINISTRATOR,"") returns TRUE. If so, the user has Administrator privileges.
You can use any one.
This can be done in Basic MSI Project by going into the Installation Designer -> General Information -> Summary Information Stream -> Require Administrative Privileges = Yes

Impersonating users to access hives - various methods, what are the practical issues?

I am designing a Service to run under LocalSystem account on Win2000, XP and Vista. It will need access to users registry hives, sometimes for extended periods of time, both when the users are logged-in, and also, when they are not logged-in (IF the profile is local. If the profile is Roaming and not loaded, I will not attempt to load it.)
If the user is logged-on, I can get the Users access token by various means (E.g. from its Explorer process, or by receiving Logon events from the Service Control Manager) then use ImpersonateLoggedOnUser and RegOpenCurrentUser to access the User's hive. However, what are the implications if the User selects LogOff from the start menu while I am impersonating and have his hive open? Will the logoff be prevented? Will my impersonation be terminated?
If the user is not logged on, I can use RegLoadKey to directly open the hive NTUSER.DAT. (Impossible for a logged-on user). But what are the implications of this if the user decides to log-on (I suppose the hive will be locked and the logon either prevented, or may experience difficulty?)
I will be setting up some test projects to explore these ideas however, regardless of their apparent results, these questions are theoretical in terms of what type of problems might, or would, be caused by the user loggin in/out during these actions by the service.
Caveat: ImpersonateLoggedOnUser can ONLY be used either for a logged-on user (token obtained from process or SCM event) OR for a user for which I have the plaintext password to call WinLogon and obtain a token - TRUE / FALSE ? In other words although I have maximum permissions as LocalSystem and am able to change the user's password or even delete the user's account, if the user is not logged-on, it is totally impossible to create a new token to impersonate the user without having the the password?
Apparently, there is some risk of damaging a user's profile if it is already loaded by another process when the user logs in. In that case, the system will try to create a new subdirectory for the user.