1
1
I can run processes with a specific TrustLevel like this:
RunAs /TrustLevel:0x20000 process.exe
But, how do I find out the TrustLevel of a process that is already running? Is there any app available which can show this info?
2
The trustlevel parameter is a legacy thing that is related to software restriction policies (SRP) in Group Policy. It allowed an administrator to run an otherwise blocked program.
SRP used to have three levels: restricted, unrestricted and "default user". The "default user" setting was retired with Windows Vista, so this parameter isn't useful anymore, and there's only one trustlevel available anymore.
Please note that the trustlevel does not relate to UAC integrity levels.
I believe that you are wrong. The RunAs tool doesn't show all the available TrustLevels when requested using the ShowTrustLevels argument. There are at least four TrustLevels available in Windows Vista+: Untrusted = 0x1000, Constrained = 0x10000, NormalUser = 0x20000, FullyTrusted = 0x40000. You can verify this by running any app that shows you whether it has admin rights or not using RunAs and specifying the different TrustLevels I mentioned earlier. – Elmo – 2013-07-22T15:06:09.613
Check this for more details: http://stackoverflow.com/a/287072/864101 . Also programmers can specify 3 TrustLevels in the manifest file: asInvoker, requireAdministrator, highestAvailable – Elmo – 2013-07-22T15:08:42.343
Sounds like I'm indeed partially wrong - there's no "clear" explanation for the trustlevel parameter. But anyway, I still do believe that it is related (or at least only partially related) to the UAC privilege levels (low, medium, high, system) or the application manifest requestedexecutionlevel. If you want to get the integrity label of a process, you have to enumerate its DACL. – Martin Binder – 2013-07-23T08:22:57.630
The manifest entry requestedExecutionLevel specifies the Integrity Level the program is to run at. Prior to Windows 8 there were four levels used: System, High, Medium, Low. Process Explorer can be configured to show process integrity level. – David Marshall – 2013-07-28T15:03:09.673
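The comments above point at a process's integrity level as the thing to inspect. As an added example (not code from any poster in this thread), the PowerShell below reads that level for a running process from its access token with GetTokenInformation(TokenIntegrityLevel). The names IlReader and Get-ProcessIntegrityLevel are hypothetical, and the thread does not establish that this value is the same thing as the RunAs TrustLevel.

```powershell
# Added example: report the integrity level of a running process by PID.
# IlReader and Get-ProcessIntegrityLevel are hypothetical names chosen for this sketch.
Add-Type -TypeDefinition @'
using System;
using System.Runtime.InteropServices;
public static class IlReader {
    [DllImport("kernel32.dll", SetLastError = true)] static extern IntPtr OpenProcess(uint access, bool inherit, uint pid);
    [DllImport("kernel32.dll")] static extern bool CloseHandle(IntPtr handle);
    [DllImport("advapi32.dll", SetLastError = true)] static extern bool OpenProcessToken(IntPtr proc, uint access, out IntPtr token);
    [DllImport("advapi32.dll", SetLastError = true)] static extern bool GetTokenInformation(IntPtr token, int infoClass, IntPtr buf, int len, out int needed);
    [DllImport("advapi32.dll")] static extern IntPtr GetSidSubAuthorityCount(IntPtr sid);
    [DllImport("advapi32.dll")] static extern IntPtr GetSidSubAuthority(IntPtr sid, uint index);

    // Returns the last sub-authority (RID) of the token's mandatory label SID.
    public static int GetRid(uint pid) {
        IntPtr proc = OpenProcess(0x1000, false, pid);            // PROCESS_QUERY_LIMITED_INFORMATION
        if (proc == IntPtr.Zero) throw new InvalidOperationException("OpenProcess failed: " + Marshal.GetLastWin32Error());
        IntPtr token = IntPtr.Zero, buf = IntPtr.Zero;
        try {
            if (!OpenProcessToken(proc, 0x0008, out token))       // TOKEN_QUERY
                throw new InvalidOperationException("OpenProcessToken failed: " + Marshal.GetLastWin32Error());
            int len;
            GetTokenInformation(token, 25, IntPtr.Zero, 0, out len);   // 25 = TokenIntegrityLevel; first call gets size
            buf = Marshal.AllocHGlobal(len);
            if (!GetTokenInformation(token, 25, buf, len, out len))
                throw new InvalidOperationException("GetTokenInformation failed: " + Marshal.GetLastWin32Error());
            IntPtr sid = Marshal.ReadIntPtr(buf);                 // TOKEN_MANDATORY_LABEL.Label.Sid
            byte count = Marshal.ReadByte(GetSidSubAuthorityCount(sid));
            return Marshal.ReadInt32(GetSidSubAuthority(sid, (uint)(count - 1)));
        } finally {
            if (buf != IntPtr.Zero) Marshal.FreeHGlobal(buf);
            if (token != IntPtr.Zero) CloseHandle(token);
            CloseHandle(proc);
        }
    }
}
'@

function Get-ProcessIntegrityLevel([uint32]$Id) {
    $rid = [IlReader]::GetRid($Id)
    # Mandatory label RIDs: 0x1000 Low, 0x2000 Medium, 0x3000 High, 0x4000 System
    $name = if ($rid -ge 0x4000) { 'System' } elseif ($rid -ge 0x3000) { 'High' }
            elseif ($rid -ge 0x2000) { 'Medium' } elseif ($rid -ge 0x1000) { 'Low' } else { 'Untrusted' }
    [pscustomobject]@{ Id = $Id; Rid = ('0x{0:X}' -f $rid); IntegrityLevel = $name }
}

Get-ProcessIntegrityLevel -Id $PID   # $PID is the current PowerShell process
```

Querying processes owned by other users or by the system generally requires an elevated session; without it OpenProcess or OpenProcessToken fails and the function throws with the Win32 error code.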