Windows shell with admin privileges

  1. 2 weeks ago

    Hi!

    I am writing an app that starts a command line applications and processes this application's output. For this I am using Xojo's shell class.
    I would like to be able to start the other application with admin privileges. When I start the other application the user should be asked for privilege escalation via the normal Windows UAC prompt.

    There are three avenues I have tried so far:

    Using VBS as documented here: https://docs.xojo.com/UserGuide:Elevating_User_Access_Control
    This does not seem to work anymore. The vbs file is automatically deleted when I try to execute it - probably by windows defender.

    Using the runas command in the command line.
    But with runas Windows does not open the UAC prompt, but asks for the password inside the terminal.

    Using ShellExecuteW as documented here: https://forum.xojo.com/2933-shell-command-in-adminstrator-mode/0
    ShellExecuteW opens the UAC prompt and runs the application with admin privileges. But I do not have the ability to stream process the applications output.

    Do you have any other ideas?

    Thank you :-)
    Florian

  2. Tim J

    Sep 2 Pre-Release Testers, Xojo Pro Dehydrating in AZ

    You can't do this with the Xojo shell because Windows doesn't allow the input and output of an elevated process to communicate directly with a user-level process.

    To see this:
    Open 2 cmd.exe terminals - one as your user, and one as Administrator
    Drag and drop a file from an Explorer window to both terminals

    The user window will show the path to the file
    The Administrator window will do nothing

    If you use MBS plugins, Christian may have a solution for you.

  3. Thank you Tim!

    I am using MBS! Do you have a class/module in mind?

  4. Wayne G

    Sep 2 Pre-Release Testers, Xojo Pro New Zealand axisdirect.nz

    You can set the security level for your app to administrator which will mean the shells created will also be at that level. See Windows 64-Bit advanced build settings.

  5. Thank you Wayne!

    Ideally I would like the user being able to choose if the the application runs as admin or not.

  6. Tim J

    Sep 3 Pre-Release Testers, Xojo Pro Dehydrating in AZ

    @Wayne G You can set the security level for your app to administrator which will mean the shells created will also be at that level. See Windows 64-Bit advanced build settings.

    Unfortunately, that results in the problem of not being able to drag and drop between the desktop and the app. If you don't use that mechanism, then Wayne's suggestion is the best solution.

    @Florian Kller I am using MBS! Do you have a class/module in mind?

    It's the ShellMBS functionality.

  7. Hi Tim!

    I talked to Christian: If I understood him correctly, he has not implemented all necessary calls yet. And even than it is unclear if I could achieve what I want to achieve with ShellMBS.

    Therefore I am concentrating on an approach using a helper service which runs with admin privileges.

    Thank you!
    Florian

or Sign Up to reply!