Menu
I have a service (normally run as NetworkService) that retrieves process information using StartInfo. It works fine.
But a client wants to run the service as a restricted user. (a reasonable request)
According to MS docs StartInfo can only be used by a "fully trusted" user. Is there an alternative way to get most of the information from StartInfo without being "fully trusted" or to configure a restricted user that is "fully trusted" with respect to process info?
877
It sounds like you're confusing two orthogonal security systems: Windows user security and .NET code access security (CAS). While use of the System.Diagnostics.Process class requires CAS full trust, it does not require administrator user permissions, and is quite feasible for a non-admin/restricted user to run a fully trusted (wrt CAS) application.
That said, the operating system also imposes limits on what non-admin users may do with processes, particularly processes that are not running under their own accounts. Depending on what your code is trying to do with the processes, it may or may not be feasible to run your service under an account that does not have effective administrator permissions.
126
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
