Ascend4nt Posted October 7, 2011 Posted October 7, 2011 (edited) _ShellExecuteWithReducedPrivileges An odd thing about Vista+ O/S's is that, once you run a process in elevated privileges mode, you can't run other processes in lower-privileged modes.Why, you ask, would that be important?Sometimes you want - or need - to limit the privileges of a process:A very common scenario for me is drag-and-drop. Windows' Explorer does NOT allow this to occur between lower privileged processes (like Explorer itself!) and other processes. This is very frustrating for users in programs that take advantage of that.There's also some problems using certain SendMessage commands from other unelevated processes.Setting the state or properties of windows that have an elevated privilege may not work either from other unelevated processes.An install or setup program that needs to launch the installed program will more often than not want to run that program on a lower privilege level (for some of the reasons mentioned above)So, after some looking around I found two ways of running processes under a lower privilege mode. One is using CreateProcessWithTokenW (see ), and the other is using COM objects - specifically Windows Explorer's SHELL object to ShellExecute a command/program. This can be used just like AutoIt's built-in ShellExecute() function, but of course the program that runs will be at a reduced IL (integrity level).The code is based on Brandon @ BrandonLive's article here:'Getting the shell to run an application for you - Part 2:How | BrandonLive' The usage is straightforward for this one: use it like ShellExecute. The $bWait parameter is only there in case ShellExecuteWait() will be called for either non-elevated processes or pre-Vista O/S's. Example:_ShellExecuteWithReducedPrivileges(@ComSpec,' /k title Non-Elevated prompt (via Shell.ShellExecute)') Anyway, hope this helps someone out!Ascend4nt's AutoIT Code License agreement:While I provide this source code freely, if you do use the code in your projects, all I ask is that: If you provide source, keep the header as I have put it, OR, if you expand it, then at least acknowledge me as the original author, and any other authors I creditIf the program is released, acknowledge me in your credits (it doesn't have to state which functions came from me, though again if the source is provided - see #1)The source on it's own (as opposed to part of a project) can not be posted unless a link to the page(s) where the code were retrieved from is provided and a message stating that the latest updates will be available on the page(s) linked to.Pieces of the code can however be discussed on the threads where Ascend4nt has posted the code without worrying about further linking.Download the ZIP from my Site Edited October 7, 2011 by Ascend4nt meoit 1 My contributions: Performance Counters in Windows - Measure CPU, Disk, Network etc Performance | Network Interface Info, Statistics, and Traffic | CPU Multi-Processor Usage w/o Performance Counters | Disk and Device Read/Write Statistics | Atom Table Functions | Process, Thread, & DLL Functions UDFs | Process CPU Usage Trackers | PE File Overlay Extraction | A3X Script Extract | File + Process Imports/Exports Information | Windows Desktop Dimmer Shade | Spotlight + Focus GUI - Highlight and Dim for Eyestrain Relief | CrossHairs (FullScreen) | Rubber-Band Boxes using GUI's (_GUIBox) | GUI Fun! | IE Embedded Control Versioning (use IE9+ and HTML5 in a GUI) | Magnifier (Vista+) Functions UDF | _DLLStructDisplay (Debug!) | _EnumChildWindows (controls etc) | _FileFindEx | _ClipGetHTML | _ClipPutHTML + ClipPutHyperlink | _FileGetShortcutEx | _FilePropertiesDialog | I/O Port Functions | File(s) Drag & Drop | _RunWithReducedPrivileges | _ShellExecuteWithReducedPrivileges | _WinAPI_GetSystemInfo | dotNETGetVersions | Drive(s) Power Status | _WinGetDesktopHandle | _StringParseParameters | Screensaver, Sleep, Desktop Lock Disable | Full-Screen Crash Recovery Wrappers/Modifications of others' contributions: _DOSWildcardsToPCRegEx (original code: RobSaunder's) | WinGetAltTabWinList (original: Authenticity) UDF's added support/programming to: _ExplorerWinGetSelectedItems | MIDIEx UDF (original code: eynstyne) (All personal code/wrappers centrally located at Ascend4nt's AutoIT Code)
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now