How is the integrity level of a process determined?

I want to launch a process with a high integrity level. The parent process is running as a system service under the LocalSystem account. On one Windows 2008 machine the subprocess has high integrity level, while on another 2008 machine the process has "medium" integrity level. It looks like CreateProcessAsUser gets a different level on different machines.

// Retrieve the primary token of the user logged in to RDP session "sessionID"
// (an admin user in this case); requires SeTcbPrivilege, which LocalSystem has.
if (!WTSQueryUserToken(sessionID, &hToken))
{
    return;
}
// Launch the child in that user's context; it inherits the token's integrity level.
BOOL fSuccess = CreateProcessAsUser(hToken, NULL, cmdLine, NULL, NULL,
                                    TRUE, CREATE_NEW_CONSOLE, NULL, workDir, &si, &pi);

What brings about the difference? Is there a configuration or programmatic way to solve it?

Henry asked Dec 18 '25 15:12


2 Answers

Don't count on the ACL of a user. Sure, it's likely that a LocalSystem account contains a High Integrity Level ACL, but that's not the reliable way to get that IL ACL. The high IL SID is well-known (SID: S-1-16-12288). Put it in a security descriptor, and pass that to CreateProcess.

MSalters answered Dec 21 '25 04:12


You should be able to change the integrity level of the retrieved token before launching the new process by calling SetTokenInformation with the TOKEN_INFORMATION_CLASS parameter set to TokenIntegrityLevel.

Harry Johnston answered Dec 21 '25 05:12
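As an added example (not code from the question or from either answer), here is one way to carry out what the two answers above describe together: build the well-known High mandatory-label SID S-1-16-12288, apply it to the token returned by WTSQueryUserToken with SetTokenInformation(TokenIntegrityLevel) before calling CreateProcessAsUser, and then read the label back so the service can confirm which level the child will actually inherit. The function names set_token_integrity_high, get_token_integrity_rid, rid_from_label_sid_string and integrity_level_name are my own. The Win32 parts are compiled only under _WIN32 and need advapi32 for ConvertStringSidToSidA; the two helpers outside that block are portable so the RID-to-level mapping can be checked on any platform. The thresholds used (0x1000 Low, 0x2000 Medium, 0x3000 High, 0x4000 System) are the documented well-known integrity RIDs, and 0x3000 is the 12288 in S-1-16-12288.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Well-known mandatory-label RIDs (the last sub-authority of S-1-16-<rid>).
 * 0x3000 == 12288, i.e. the High-integrity SID S-1-16-12288. */
#define IL_LOW    0x1000u
#define IL_MEDIUM 0x2000u
#define IL_HIGH   0x3000u
#define IL_SYSTEM 0x4000u

/* Portable helper (assumed name): map a mandatory-label RID to a readable level.
 * Windows treats the RID as a range, so anything in [0x3000, 0x4000) is High. */
const char *integrity_level_name(uint32_t rid)
{
    if (rid >= IL_SYSTEM) return "System";
    if (rid >= IL_HIGH)   return "High";
    if (rid >= IL_MEDIUM) return "Medium";
    if (rid >= IL_LOW)    return "Low";
    return "Untrusted";
}

/* Portable helper (assumed name): extract the RID from a label SID string such as
 * "S-1-16-12288". Returns 0 if the string is not an S-1-16-* mandatory-label SID. */
uint32_t rid_from_label_sid_string(const char *sid)
{
    const char *prefix = "S-1-16-";
    size_t n = strlen(prefix);
    if (strncmp(sid, prefix, n) != 0 || sid[n] == '\0')
        return 0;
    char *end = NULL;
    unsigned long rid = strtoul(sid + n, &end, 10);
    return (*end == '\0') ? (uint32_t)rid : 0;
}

#ifdef _WIN32
#include <windows.h>
#include <sddl.h>

/* Set the token's mandatory label to High (S-1-16-12288) before CreateProcessAsUser.
 * Intended for the primary token returned by WTSQueryUserToken; the caller needs
 * SeTcbPrivilege (LocalSystem holds it). Link with advapi32. Returns TRUE on success. */
BOOL set_token_integrity_high(HANDLE hToken)
{
    PSID sid = NULL;
    if (!ConvertStringSidToSidA("S-1-16-12288", &sid))
        return FALSE;

    TOKEN_MANDATORY_LABEL label;
    label.Label.Attributes = SE_GROUP_INTEGRITY;
    label.Label.Sid = sid;

    /* Length is the structure plus the SID it points to, as documented for this class. */
    BOOL ok = SetTokenInformation(hToken, TokenIntegrityLevel, &label,
                                  sizeof(label) + GetLengthSid(sid));
    LocalFree(sid);
    return ok;
}

/* Read the current mandatory-label RID from a token (0 on failure), so the service
 * can verify the level the child will inherit instead of assuming it. */
uint32_t get_token_integrity_rid(HANDLE hToken)
{
    DWORD len = 0;
    GetTokenInformation(hToken, TokenIntegrityLevel, NULL, 0, &len);
    if (len == 0)
        return 0;

    PTOKEN_MANDATORY_LABEL label = (PTOKEN_MANDATORY_LABEL)LocalAlloc(LPTR, len);
    if (label == NULL)
        return 0;

    uint32_t rid = 0;
    if (GetTokenInformation(hToken, TokenIntegrityLevel, label, len, &len)) {
        UCHAR count = *GetSidSubAuthorityCount(label->Label.Sid);
        rid = *GetSidSubAuthority(label->Label.Sid, count - 1);   /* last sub-authority */
    }
    LocalFree(label);
    return rid;
}
#endif /* _WIN32 */
```

In the service, the call sequence is WTSQueryUserToken, then set_token_integrity_high(hToken), then get_token_integrity_rid(hToken) and integrity_level_name() to log what was obtained, then CreateProcessAsUser. Logging the level read back is worth keeping: on a machine with UAC enabled, the token WTSQueryUserToken returns for an administrator is normally the filtered Medium token, which is consistent with the difference between the two machines in the question, and the read-back makes that visible rather than silently launching at the wrong level.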