Launch application with less permissions than “Run

2020-07-26 09:43发布

问题:

I have an application which needs to run As Admin. - no problems with this.

This app sometimes needs to launch a secondary application, however this second application inherits the "Run as Admin" elevated status from the parent application. I don't want this, I would like to launch the second application with the same rights as would be granted when not launching "As Admin"

I can find many articles for this scenario the other way round, but none for lowering access rights.

Is this possible?

回答1:

This MSDN post redirected me to this SO question

It proposes the following since starting a non-elevated process from an elevate is error-prone:

  1. Your app initially starts as non-elevated application, and its manifest has asInvoker level.

  2. When it starts, it restarts itself with elevated privileges using runas verb, and passes a command-line parameter to indicate it. This instance performs all parts that need admin priviledges.

  3. Here comes the non-elevated app again, and starts your secondary application with the same non-elevated user token that started the first instance of the app in step 1.

I hope this can anyhow be applied to your scenario.

As said, what you want to achieve is very error-prone, yet in this SO question there are some possible hacky solutions.