The Win32 Security Management functions provide the capability to create a restricted token with normal user rights; with the token, you can call CreateProcessAsUser to run the process with that token. Below is a proof of concept that runs cmd.exe as a normal user, regardless of whether the process is run in an elevated context. … Read more
This can’t be done with ProcessBuilder, you will need to call Windows API. I’ve used JNA to achieve this with code similar to the following: Shell32X.java: import com.sun.jna.Native; import com.sun.jna.Pointer; import com.sun.jna.Structure; import com.sun.jna.WString; import com.sun.jna.platform.win32.Shell32; import com.sun.jna.platform.win32.WinDef.HINSTANCE; import com.sun.jna.platform.win32.WinDef.HWND; import com.sun.jna.platform.win32.WinNT.HANDLE; import com.sun.jna.platform.win32.WinReg.HKEY; import com.sun.jna.win32.W32APIOptions; public interface Shell32X extends Shell32 { Shell32X INSTANCE = … Read more
The WinSafer API’s allow a process to be launched as a limited, normal, or elevated user. Sample Usage: CreateSaferProcess(@”calc.exe”, “”, SaferLevel.NormalUser); Source code: //http://odetocode.com/Blogs/scott/archive/2004/10/28/602.aspx public static void CreateSaferProcess(String fileName, String arguments, SaferLevel saferLevel) { IntPtr saferLevelHandle = IntPtr.Zero; //Create a SaferLevel handle to match what was requested if (!WinSafer.SaferCreateLevel( SaferLevelScope.User, saferLevel, SaferOpen.Open, out saferLevelHandle, IntPtr.Zero)) … Read more
The solution for you is to use EXPLORER.exe process. The idea is to run the process in UN-ELEVATED mode, using windows’s file explorer process explorer.exe (info). Lets say the process that we want to launch is on $TEMP\MyUnElevatedProcess.exe. So, for NSIS code, I will just write: (but can be run in ANY language) Exec ‘”$WINDIR\explorer.exe” … Read more
i would relaunch yourself as elevated, passing command line parameters indicating what elevated thing you want to do. You can then jump right to the appropriate form, or just save your HKLM stuff. function RunAsAdmin(hWnd: HWND; filename: string; Parameters: string): Boolean; { See Step 3: Redesign for UAC Compatibility (UAC) http://msdn.microsoft.com/en-us/library/bb756922.aspx This code is released … Read more