Menu
I have a C# app that needs to allow the user to change the Computer Name. This is a pretty privileged operation. I can only get it to work if the user runs the app as Administrator (Windows 7, right-click on executable, "Run as Administrator"). Fine, but the user IS an administrator, so why would they need to Run AS an Administrator? I've tried this several times. It always fails if the user--an administrator--tries to do it running the application normally. It always works if they run it as "Run as Administrator".
If the answer is, "It just works that way, you have to run as admin even if you are an admin," my question is how can I detect if they are running with super-duper admin privileges? I found this, but it just checks to see if the user is part of the Administrator user group which, I already pointed out, isn't sufficient (and throws a null pointer exception).
Am I missing something here? Do I need to approach it from another angle?
396
You can use Run as to start an application as an administrator if you want to perform administrative tasks when you are logged on as a member of another group, such as the Users or Power Users group.
When you select "Run as Administrator" and your user is an administrator the program is launched with the original unrestricted access token. If your user is not an administrator you are prompted for an administrator account, and the program is run under that account. Hope the information is helpful.
It is not safe to do anything as administrator in Windows, any version. Or in Linux, for that matter. You need to internalize that: when you are operating as Administrator or equivalent, the gloves are off, and you can do dangerous things. Including giving malware running as your session the keys to your kingdom.
Administrators. Members of the Administrators group have complete and unrestricted access to the computer. If the computer is promoted to a domain controller, members of the Administrators group have unrestricted access to the domain.
It's because of User Account Control (UAC). Introduced in Vista, this changes the way administrator user accounts operate.
When an user from the administrator group logs on, the user is allocated two tokens: a token with all privileges, and a token with reduced privileges. When that user creates a new process, the process is by default handed the reduced privilege token. So, although the user has administrator rights, she does not exercise them by default. This is a "Good Thing"™.
To exercise those rights the user must start the process with elevated rights. For example, by using the "Run as administrator" verb. When she does this, the full token is handed to the new process and the full range of rights can be exercised.
You almost certainly don't want to be detecting whether or not your process is running elevated. Best practise is to mark those parts of your program that require elevation and force the system to show UAC elevation dialogs when those parts of the program execute.
The bind is that elevation can only happen at process start. So if you need to split your app into parts that require elevation, and parts that don't, there need to be multiple processes. Whilst you could mark your entire app as requiring elevation, you should not do so if the only thing that needs elevation is the very rare scenario where the computer name is to be changed.
Your next step is to bone up on the details over at MSDN. For example:
108
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
