Posts Tagged ‘UAC’

UAC, are you high?

February 7, 2011

MSDN has a "Starting Low Integrity Processes" sample that creates a process with a Low IL. This works fine if the parent is running at Medium IL, but if the parent is running at High IL, UAC elevation no longer works. (The sample code only discusses Medium IL parents, not High IL parents.)

Windows does not seem to take the Integrity Level into account when checking for admin rights:
[Image: UAC Low IL Admin]
When requesting elevation, it does not seem to check whether the current IL is below High IL. It just assumes that any token with a non-deny Administrators group SID is elevated and starts the process with the wrong IL, when it really should show the consent UI and force the IL of the new process to be >= High IL. Once we are in this state (non-deny Administrators group SID and IL < 0x3000), there is no way for us to elevate a child process or to get a higher IL!

It would probably come as a surprise to most people that the simple reg.exe command fails when the console has the "Administrator: " prefix and most admin check methods (IsUserAnAdmin(), TokenElevationType == TokenElevationTypeFull and TokenElevation: TokenIsElevated != 0) indicate that you are elevated! IsUserAnAdmin is only documented to check group membership and is a pre-Vista API, but the other two are specific to elevated tokens/privileges, so either my definition of elevated is wrong, or there are some major bugs in the IL handling.
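An added example (not code from the original post): a C check that reads TokenElevation and TokenIntegrityLevel from the current process token and flags the state described above, where the token reports elevated but its IL is below 0x3000. The names `classify_token`, `query_current_token` and the `STATE_*` values are made up for this example, and the Windows-only query is guarded so the classifier also builds on other platforms with a constructed sample.

```c
#include <stdio.h>

#define IL_HIGH 0x3000ul /* same value as SECURITY_MANDATORY_HIGH_RID */

typedef enum { STATE_NOT_ELEVATED, STATE_ELEVATED, STATE_INCONSISTENT } token_state;

/* elevated: TokenElevation.TokenIsElevated != 0
   il_rid:   last sub-authority of the TokenIntegrityLevel SID */
token_state classify_token(int elevated, unsigned long il_rid)
{
    if (!elevated) return STATE_NOT_ELEVATED;
    /* "Elevated" with an IL below High is the state the post describes. */
    return il_rid >= IL_HIGH ? STATE_ELEVATED : STATE_INCONSISTENT;
}

#ifdef _WIN32
#include <windows.h>
/* Reads both values from the current process token; returns 0 on success. */
int query_current_token(int *elevated, unsigned long *il_rid)
{
    union { TOKEN_MANDATORY_LABEL label;
            BYTE raw[sizeof(TOKEN_MANDATORY_LABEL) + SECURITY_MAX_SID_SIZE]; } buf;
    TOKEN_ELEVATION te;
    HANDLE tok;
    DWORD len;
    int rc = -1;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &tok)) return -1;
    if (GetTokenInformation(tok, TokenElevation, &te, sizeof te, &len) &&
        GetTokenInformation(tok, TokenIntegrityLevel, &buf, sizeof buf, &len)) {
        PSID sid = buf.label.Label.Sid;
        *elevated = te.TokenIsElevated != 0;
        *il_rid = *GetSidSubAuthority(sid, (DWORD)(*GetSidSubAuthorityCount(sid) - 1));
        rc = 0;
    }
    CloseHandle(tok);
    return rc;
}
#endif

int main(void)
{
    int elevated = 1;          /* constructed sample: the post's Low IL admin case */
    unsigned long il = 0x1000; /* Low IL */
#ifdef _WIN32
    if (query_current_token(&elevated, &il) != 0) return 1;
#endif
    printf("TokenIsElevated=%d IL=0x%lx state=%d\n", elevated, il, classify_token(elevated, il));
    return 0;
}
```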


UAC, RunAs silent fail?

January 26, 2011

When running as a standard user with UAC disabled, choosing “Run as administrator” from the context menu is broken!

[Image: Silent Bob]

Not showing the consent UI is understandable since UAC is not “hooked” into the system, but just starting the process non-elevated without a warning dialog is just wrong. When the runas verb is used with ShellExecute and UAC is not enabled, it should just show the old Run As dialog used in Windows 2000/XP/2003.