Run a .net application with standard privilage on a administrator account

0

If im logged in as an administrator on windows is it possible to run a application with standard privileges? It seems like outlook is run with standard privilege even if started on from an admin account. So i believe that it's possible.

The application is one we have built ourself so we can change the manifest as we like. It's set as HighestAvailible right now. But if we change it to AsInvoker it will run with elevated privileges on a admin account and with standard privileges on a standard account.

So my question; is can i force windows to run the application with standard privileges?

Background info: The reason i want to do this is that we do some outlook integrations. And if our app is run as admin and outlook as standard a COM error occurs. If I force outlook to run as admin and our is run as admin it works just fine. If i run our app from a standard account it also works fine. So the only time it fails is when our app is run as admin and outlook is run as standard. And this seems to be the default way in windows 8.1. Outlook is started with standard privileges even on a admin account.

merger

Posted 2014-08-19T12:36:15.830

Reputation: 101

By default unless you esclate the permissions of a process launched by an Administrator the process will have non-esclated user permissions. So what exactly is your question? The solution to this problem is have your program launch/exit outlook itself. One way to acomplish this is a "launcher" program. This means have a small program that launches both applications using the permission they require. You can also use a manifest file. – Ramhound – 2014-08-19T12:40:27.587

The problem is that our program is run on both admin accounts and on standard accounts. I don't think we have permission to mess with outlook in our customers environment so we have to change our program. I want to force windows to run our program with standard privileges even if it's run on a admin account. If that is possible. – merger – 2014-08-26T18:39:52.300

Most of the time if a program requires Administrator priviliages its likely doing something it shouldn't or it should be doing that in a such a way that does not require administrator priviliages. – Ramhound – 2014-08-26T20:23:43.483

Our program can update itself with new dll files. Standard privileges does not like that very much. This is a business application and not a program for the masses. We can run as standard but not everything works. Most of our customers run it on a admin account to eliminate UAC problems. – merger – 2014-08-27T05:33:04.300

The solution seems simple. Your program should launch a separate program with a manifest file which updates the dlls – Ramhound – 2014-08-27T10:24:00.017

Answers

0

This is the default behavior in Windows since Windows Vista. This is called User Account Control (UAC). All applications start with the privileges of the shell (Explorer.exe) which runs with a filtered token.

To run applications with admin rights you have to explicitly do this by doing a right click and select "Run As Administrator" and approve this.

magicandre1981

Posted 2014-08-19T12:36:15.830

Reputation: 86 560

Asked: 2014-08-19T12:36:15.830

Viewed: 214 times

Active: 2014-08-19T18:46:35.343