I have one major problem with my app. I have an app & updater as a separate exe files. When an update is available, updater does the update, and on process completion it starts my app. The main problem is - app is installed in program files folder, so updater need UAC admin privileges, and that's ok, but when I need to run my app updater needs to run it as a normal user, because if it's run as an administrator drag and drop doesn't work (not an app problem, UAC blocks it). I've tried several different solutions, and even this one: How to run NOT elevated in Vista (.NET)
It haven't helped me - my app is run as an administrator.
You'd better avoid starting a non-elevated process from an elevated one. It's tricky part and error-prone.
This approach is better:
- Your updater initially starts as non-elevated application, and its manifest has
asInvokerlevel. - When it starts, it restarts itself with elevated privileges using
runasverb, and passes a command-line parameter to indicate it. This instance performs the update and returns. - Here comes the non-elevated updater again, and starts your application with the same non-elevated user token that started the first instance of updater in step 1.
Pretty simple and robust.
Look at this post on how to Enable Drag and Drop for an Elevated process. Even though it says MFC app you can cll those Windows API in Any app I suppose
来源:https://stackoverflow.com/questions/7870319/c-sharp-starting-process-with-lowered-privileges-from-uac-admin-level-process