c# starting process with lowered privileges from UAC admin level process

Question

I have one major problem with my app. I have an app & updater as a separate exe files. When an update is available, updater does the update, and on process completion it starts my app. The main problem is - app is installed in program files folder, so updater need UAC admin privileges, and that's ok, but when I need to run my app updater needs to run it as a normal user, because if it's run as an administrator drag and drop doesn't work (not an app problem, UAC blocks it). I've tried several different solutions, and even this one: How to run NOT elevated in Vista (.NET)

It haven't helped me - my app is run as an administrator.

Answer 1

You'd better avoid starting a non-elevated process from an elevated one. It's tricky part and error-prone.

This approach is better:

1. Your updater initially starts as non-elevated application, and its manifest has asInvoker level.
2. When it starts, it restarts itself with elevated privileges using runas verb, and passes a command-line parameter to indicate it. This instance performs the update and returns.
3. Here comes the non-elevated updater again, and starts your application with the same non-elevated user token that started the first instance of updater in step 1.

Pretty simple and robust.