You have to run this code with administrative privileges...

How are you running it - as a normal user?


-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

In fact, the account I'm using is an administrator account, but I think that
by default, Vista doesn't even give administrator privilege to do many
things. Administrators have permission to change the privileges, but they
don't get many by default.

And in any case, I think in this situation, it depends on the executable
calling my code, right? My code is in a DLL being executed out of the global
assembly cache and is ultimately being called by Microsoft Word 2007. That
is, Word is the 'exe', which eventually calls my GAC assembly (by means of a
COM Add-in). Word is not being "Run as Administrator", but just as normal
(which I think means that it doesn't inherit administrator privileges from
the user's account).

So if Word isn't being run "as Administrator"--even though I'm on an
Administrator account--my GAC DLL will just inherit the permissions that
Word has (which is effectively limited), correct?

In fact, I had intended this to be a limited account, because I have to make
this work on a limited account also, but I recently checked and discovered
that the account I'm logged into is actually part of the Administrators
group.

Now, when I say that "I have to make this work on even a limited account",
I'm fully aware that this should require something like I asked in my last
message: I would like to call something in my GAC DLL which results in the
user getting the 'you need administrative permissions to do this" dialog and
if they say "Accept", then I can do it. If they say "Don't accept", then I
feel free to fail to do it (c.f. trying to start Regedit on Vista--even with
an adminstrator account--you still get the "User Account Control" dialog box
saying "Windows needs your permission to continue: Continue or Cancel).

But my problem is that I can't even figure out what to call to get the UAC
dialog box to show up. Or maybe it is the case that you can only get that
dialog box when the application is started and then only when it's started
by the operating system (rather than programmatically or during the course
of execution)? And, in particular, maybe there's no way at all of doing this
in a GAC DLL...

The bummer is that 98% of the operation of my GAC assembly is very
straightforward and needs no additional privileges, so I'd hate to have it
always "Run as Administrator" (even if that's possible) since that is only
necessary in a very small use case. But when one of those 2% additional
cases occur when I have to write to a file on the disk, it be nice if I
could request additional permissions at that time.

Bob


"Dominick Baier" <dbaier (AT) pleasepleasenospam_leastprivilege (DOT) com> wrote in
message news:51eb3048bd208c93808e8476440 (AT) news (DOT) microsoft.com...

Your program needs a manifest to tell Vista it needs administrative
permissions. This will cause Vista to throw a UAC prompt when the program
starts then the program will get administrative permissions. A better way to
do it is figure what ACLs need to be set and do it during the install.
Create a manifest for the installer. The program itself shouldn't need to
run as an administrator.

http://msdn2.microsoft.com/en-us/library/aa480150.aspx

http://technet2.microsoft.com/Window....mspx?mfr=true

--
Kerry Brown
Microsoft MVP - Shell/User
http://www.vistahelp.ca


"Bob Eaton" <pete_dembrowski (AT) hotmail (DOT) com> wrote

OK - i see.

Yes you are right - the component runs with the privileges (token) of the
user that started Word.

In Vista there are two types of accounts - administrator and limited users
- the privileges they get by default are very similar - but an administrator
can choose to elevate using UAC. That means you should design your software
for a limited user (without having to elevate since in corporate environments
users will be limited users).

That in turn means you should set the necessary ACLs at deployment time (when
you add the COM addin or the GACed component - in this moment you need full
admin privs anyways and can modify the necessary ACLs on the shared directory).

makes sense?

That all said - you can manually elevate a process. You can use Process.Start()
with a ProcessStartInfo that has the verb set to "runas" and UseShellExecute
to "true". But this will only work for users in the administrator group.


-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

This makes sense. But, can you call Process.Start with a DLL? Or did you
mean that I should start Word that way?

And also, it sounds like there's no way of doing this *during* execution
(e.g. when I discover I'm in the unusual case of needing to write to the
registry, let's say). It has to be done when the app starts (in this case
Word, right?), or not at all.

Thanks to both of you for all your patient help on this :-)

Bob


"Dominick Baier" <dbaier (AT) pleasepleasenospam_leastprivilege (DOT) com> wrote in
message news:51eb3048bd418c93864d3d02540 (AT) news (DOT) microsoft.com...

Hi,

as i said - you should assume that Word cannot be elevated (normal user scenario).
You should do all the necessary steps (ACLing etc) during an installation
process.

And you have to factor out the functionality into an .exe, yes - there is
another way for COM DLLs - but that, of course, required COM.

You can do that in between (e.g. restarting your own process) - you can do
a graceful check if you have full privileges by checking if your current
user has the administrator group enabled in the token, e.g.

if (new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsI nRole(WindowsBuiltInRole.Administrator))
{...}


-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)