PawelPepe 1 Posted July 3, 2023

Hi,

Here is a problem. I would like to run an application with normal user privileges from an elevated process. My installer (elevated process) is written in Delphi. It launches some programs at the end of installation. Now, as the installer is elevated, the launched process is also elevated - we don't want this! The goal is to launch a non-elevated process from the elevated installer process. So:

- Launch any application with normal user privileges
- Launch default web browser with given webpage
- Send email to given person (with protocol Sendto:)

As far as I know it can be done using the Windows Explorer process. I couldn't find any Delphi code for that on the Internet 😞 I only found C-based code. Here is one that is supposed to work: https://www.appsloveworld.com/coding/delphi/48/createprocess-with-lower-privileges-than-the-caller

Could you please try to convert it into Delphi? I tried, but without success (see below example). There are some problems with pointers (I tried to do pointer typecasting - it compiled, but with an access violation)... For example:

FindDesktopFolderView(IID_IShellView, spsv); --> FindDesktopFolderView(IID_IShellView, Pointer(spsv));

I am sure this is not the way I should do it. Here is my code in a simple project. Source: https://www.dropbox.com/s/6ndno59brgbn6l0/ExecAsUser.zip?dl=1

Thanks in advance,
-Pawel

Der schöne Günther 316 Posted July 3, 2023 (edited)

Just saying: Your source is just a copy from @Remy Lebeau's original post on https://stackoverflow.com/a/37949303

DelphiUdIT 176 Posted July 3, 2023 (edited)

Maybe you can also use this: https://learn.microsoft.com/en-en/windows/win32/api/securitybaseapi/nf-securitybaseapi-createrestrictedtoken?redirectedfrom=MSDN

If you use a thread to launch the activities, you can set a new lower privilege with "SetThreadToken" and after that launch what you need. If you don't use a thread you must use "NtSetInformationProcess" to set a lower privilege for the current application.

I used that a very long time ago and I don't have any example at hand (and I don't know if it works now).

Bye

PawelPepe 1 Posted July 3, 2023 (edited)

2 hours ago, Der schöne Günther said:
> Just saying: Your source is just a copy from @Remy Lebeau's original post on https://stackoverflow.com/a/37949303

@Der schöne Günther Did you read my post? No, my code is not a copy - this is a C->Delphi translation. But it is not working. I didn't write the original code! I made Delphi code based on the linked code. To be clear.

-Pawel

@DelphiUdIT Thanks, will check that out.

programmerdelphi2k 237 Posted July 3, 2023 (edited)

... failed in another test... deleted!

Guest Posted July 3, 2023

Hi, perhaps this helps: A long time ago, I solved a similar problem differently. I split the setup into two processes: 1. client with UI and 2. elevated server with no UI. I used some modified old-style DataSnap code for inter-process communication, which was easy at the time, but that's just an implementation detail.

https://tondrej.blogspot.com/2007/06/datasnap-to-rescue.html

FredS 138 Posted July 4, 2023

Once you run elevated you have access to the Scheduler, use Schtasks.exe to Create/Run/Delete a task to run that app..

PawelPepe 1 Posted July 5, 2023

Yup, I am sure there are many different methods. I cannot use any that need login data (user name, password) to be passed. It seems the one I have (unfortunately in C) is the simplest.

Ps: There is a simple way to do this without complication, just run explorer:

ShellExecuteW(0, 'open', 'explorer.exe', PWideChar(AFileNameToRun), '', SW_SHOW);

But, this cannot send mail with the default client... so the best is to run any app with normal user privileges.

Sherlock 663 Posted July 5, 2023

Considering most of the installers known to me don't care about this particular issue, I would weigh cost against benefit and end up letting it go. But then again, I'm not nearly as ambitious as I used to be 10 years ago.

FredS 138 Posted July 5, 2023

4 hours ago, PawelPepe said:
> But, this can not send mail with default client... so the best is to run any app with normal user privileges.

Not so simple then, I've not seen running code that executes with identical integrity, tokens and access.. A few posts on SO claim to have solved it but the Scheduler works so I've found no need to retest all for that..

ShellRun('Open', 'Schtasks', '/Create /F /SC ONCE /TN taskname /TR "<cmd>" /ST 00:00', swHide);
ShellRun('Open', 'Schtasks', '/Run /TN taskname', swHide);
ShellRun('Open', 'Schtasks', '/Delete /F /TN taskname', swHide);

Add some error checking and it works..
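
The scheduler sequence from the post above with error checking on each step, as an added example that is not code from any poster in this thread. `SchtasksPath`, `RunSchtasks`, `RunViaScheduler` and the task name `ExampleLaunchTask` are hypothetical names chosen for illustration; the schtasks switches are the ones shown in the post.

```delphi
program RunUnelevatedViaScheduler;
{$APPTYPE CONSOLE}
uses Winapi.Windows, System.SysUtils;

// Full path to schtasks.exe, so the elevated installer never resolves it via the search path.
function SchtasksPath: string;
var Buf: array[0..MAX_PATH] of Char;
begin
  SetString(Result, Buf, GetSystemDirectory(Buf, Length(Buf)));
  Result := Result + '\schtasks.exe';
end;

// Runs schtasks without a window, waits for it, raises on launch failure or non-zero exit code.
procedure RunSchtasks(const Args: string);
var
  Cmd: string; StartInfo: TStartupInfo;
  ProcInfo: TProcessInformation; ExitCode: DWORD;
begin
  Cmd := '"' + SchtasksPath + '" ' + Args;
  UniqueString(Cmd); // CreateProcessW may modify the command-line buffer
  FillChar(StartInfo, SizeOf(StartInfo), 0);
  StartInfo.cb := SizeOf(StartInfo);
  if not CreateProcess(nil, PChar(Cmd), nil, nil, False, CREATE_NO_WINDOW,
    nil, nil, StartInfo, ProcInfo) then
    RaiseLastOSError;
  try
    WaitForSingleObject(ProcInfo.hProcess, INFINITE);
    if not GetExitCodeProcess(ProcInfo.hProcess, ExitCode) then
      RaiseLastOSError;
  finally
    CloseHandle(ProcInfo.hThread);
    CloseHandle(ProcInfo.hProcess);
  end;
  if ExitCode <> 0 then
    raise Exception.CreateFmt('schtasks %s: exit code %d', [Args, ExitCode]);
end;

// TaskName is a caller-chosen (hypothetical) name; ExePath is the program to start.
procedure RunViaScheduler(const TaskName, ExePath: string);
begin
  // Backslash-escaped inner quotes keep a path with spaces as one /TR value.
  RunSchtasks(Format('/Create /F /SC ONCE /TN "%s" /TR "\"%s\"" /ST 00:00',
    [TaskName, ExePath]));
  try
    RunSchtasks(Format('/Run /TN "%s"', [TaskName]));
  finally
    RunSchtasks(Format('/Delete /F /TN "%s"', [TaskName])); // clean up even if /Run failed
  end;
end;

begin
  if ParamCount = 1 then RunViaScheduler('ExampleLaunchTask', ParamStr(1));
end.
```

Without `/RU`, schtasks registers the task for the account that runs schtasks, so if elevation was granted with a different administrator account's credentials the program starts under that account rather than the logged-on user's.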

PawelPepe 1 Posted July 8, 2023

@FredS Thanks... Will try that magic. Many parameters...