c++ - How to elevate privileges for child process

Question

I want to make an installer that has the admin password embedded into it, so that I can let a simple user install a package.

I know that this is not good security practice and all, but that's what I am forced (by my employers) to do.

Now, I have written all the code and I am testing it in a Win7 virtual machine.

It works running it as an admin, but not when running it as simple user (which is what I want).

This is my code:

    PROCESS_INFORMATION pInfo;
    STARTUPINFOW sInfo = { 0 };
    sInfo.cb = sizeof(STARTUPINFOW);
    sInfo.lpReserved = NULL;
    sInfo.lpReserved2 = NULL;
    sInfo.cbReserved2 = 0;
    sInfo.dwX = 0;
    sInfo.dwY = 0;
    sInfo.lpDesktop = NULL;
    sInfo.lpTitle = NULL;
    sInfo.dwFlags = STARTF_USESHOWWINDOW;
    sInfo.dwFillAttribute = 0;
    sInfo.wShowWindow = SW_HIDE;

    CString cmdLine(_T("elevPrivInstaller.exe /q /norestart"));
    BOOL ret = ::CreateProcessWithLogonW(_T("IEUser"), NULL, _T("Passw0rd!"), 0, NULL, (LPWSTR)(LPCTSTR)cmdLine, 0, NULL, NULL, &sInfo, &pInfo);

CreateProcessWithLogonW() returns zero (which is failure).

GetLastError() returns: Access is denied.

Does anyone have any idea why?

As far as I see, the credentials are correct.

Answer 1

OK, this shouldn't actually be too hard, provided that UAC is configured with the default settings.

I believe that the reason CreateProcessWithLogonW() is failing is that the target executable requires elevation. If you instead run an executable that is not configured to require elevation, it should work.

At that point, you are running in the context of a limited token belonging to an administrative user. If you then attempt to launch an elevated process, e.g., using ShellExecute(), you will still get a UAC dialog - but it will be a yes/no dialog; the user will not need to enter the password.