Windows application rights

1

Can an application with admin rights give admin rights to another one on Windows?

I tried to imagine an answer but I came up with two scenarios:

  • Windows asked us if we are willing to give rights only to this application, so it's the only one with rights and it can't delegate.

  • The application has admin rights and therefore is trusted so it can give rights to any other application

I'm not asking for a method but for the feasibility.

Fortune

Posted 2015-06-03T09:47:58.277

Reputation: 111

Usually permissions are inherited when a given process starts other processes, so yes it's possible to delegate admin rights to any applications started by the application which already runs with admin rights. – Dmitry Grigoryev – 2015-06-03T09:53:09.013

Answers

1

Of course this is possible. If an app is running with admin privileges i.e. at high integrity level, then normally any apps it launches will inherit that administrative access token as well.

You can confirm this easily. Launch an elevated (admin) command prompt and run Regedit - No UAC dialog. Run Notepad - you can save in protected system folders without the following dialog being shown:

1

Karan

Posted 2015-06-03T09:47:58.277

Reputation: 51 857

Asked: 2015-06-03T09:47:58.277

Viewed: 39 times

Active: 2015-06-03T11:00:45.350