问题
I have an application that requires elevated rights (it is something like a custom installer). From within this application, I use ShellExecute() to show a PDF file. It seems as if the Adobe Reader is started with the same rights as the calling application. I would like the Adobe Reader however to be started with standard user rights and not elevated.
Is there some way I can do that? (It would be in Delphi, but for this problem the language probably doesn't matter).
回答1:
There's no really straightforward way to do this unfortunately.
One way you can do it is with Task Scheduler - you use the ITaskService interface to schedule a task to run immediately, using the non-elevated credentials of the currently logged in user.
回答2:
What you are trying to achieve cannot be done very easily and is not supported. However, it is possible using a modicum of hacking. Aaron Margosis wrote an article describing one technique.
To quote the pertinent section, you will need to carry out these steps:
- Enable the SeIncreaseQuotaPrivilege in your current token
- Get an HWND representing the desktop shell (GetShellWindow)
- Get the Process ID (PID) of the process associated with that window (GetWindowThreadProcessId)
- Open that process (OpenProcess)
- Get the access token from that process (OpenProcessToken)
- Make a primary token with that token (DuplicateTokenEx)
- Start the new process with that primary token (CreateProcessWithTokenW)
The article contains a download link for some demo C++ source from which it should be simple enough to translate to Delphi.
来源:https://stackoverflow.com/questions/17152790/start-program-with-user-rights-from-within-a-elevated-program