Can a VB6 application 'promote' itself?
PeterD
For example, the application's manifest has 'asInvoker' and later in
the program's execution it needs to do something that requires
'requireAdministrator' is it possible to promote to administrator or
not?
Has anyone tried something (stupid?) like this? <bg>
Ralph
"PeterD" <pet...@hipson.net> wrote in message
news:apsr24d54m38sn7gf...@4ax.com...
You can't 'promote' the process, but you can go off and do Administrative
things (spawn, etc) - but not without some kind of outside help (built-in or
interactive).
However, you probably don't want to do this. <g>
-ralph
Kevin Provance
Are there workarounds? Yes. But none so far are "simple" short of shelling
out to a helper app that has requireAdministrator preset.
- Kev
"PeterD" <pet...@hipson.net> wrote in message
news:apsr24d54m38sn7gf...@4ax.com...
Kevin Provance
In general, unless you're authoring a wallpaper changing utility or some
other application that needs to write to HKLM, your app shouldn't need admin
privs. What exactly do you need to do? In most cases there is a sufficent
work around (I really need to get my vista assistance site up and running).
Admin privs are only really needed to write to HKLM or some other directory
other than AppData.
The problem I've started to see frequently with VB6 and Vista is that to
operate VB, it needs to be run As Adminstrator. This is actually a bad
thing since it doesn't enforce rules for a least privileged environment and
things slip by that need to be addressed. Because VB6 is running as admin
just to work, it can write to HKLM and other directories besides AppData,
which is bad under Vista (and in general, generally <g>). This presents a
bit of a conundrum which often shows up as bugs in the finished distributed
program and are not caught in the IDE due to it's admin privs. You gotta
try and discipline yourself not to break those Vista rules, because VB won't
catch them for you in the IDE.
Again, if you want to specifically share what you would like to do, maybe we
can help you out without having to resort to elevating your app to admin.
- Kev
"PeterD" <pet...@hipson.net> wrote in message
news:apsr24d54m38sn7gf...@4ax.com...
PeterD
<ca...@tpasoft.com> wrote:
>Afterthought:
>
>In general, unless you're authoring a wallpaper changing utility or some
>other application that needs to write to HKLM,
Takes care of that. <g> yes, we do write HKLM, and that is why. BTW,
there are a few other reasons to requireAdministrator, but they are
relatively insignificant (like writing files in certain locations).
Kevin, as to your other reply, yes, that would work, but is (as you
say) non-trivial. MSFT has published a paper describing the various
ways to do this (your suggestion is one, and using a service (see my
other query a few days ago) is another.
Thanks for your thoughts, they are appreciated!
Kevin Provance
the admin required tasks and leave the primary app asInvoker.
Then again, I've never actually tried to write a service in VB. I've seen
it done and know it's possible...but have never tried it myself. I'd be
interested to hear your results as you have them. :-)
- Kev
"PeterD" <pet...@hipson.net> wrote in message
news:4lit249ta0r1ekvp2...@4ax.com...
PeterD
<ca...@tpasoft.com> wrote:
>I suppose if I was in your position, I would go the service route to handle
>the admin required tasks and leave the primary app asInvoker.
>
>Then again, I've never actually tried to write a service in VB. I've seen
>it done and know it's possible...but have never tried it myself. I'd be
>interested to hear your results as you have them. :-)
>
>- Kev
>
I'll probably go that route, but it will be later (few months at
least) before I can. We are still weighing the dual app approach vs.
the service approach, and won't know which one is best for a while.
Ralph
Ralph
Oops! Sorry hit the wrong key.
Pay attention to the security warnings. Any 'lower-level' application
commonly available that has the power to invoke anything with higher
privileges - increases the attack surface.
-ralph
Phill W.
> Can a VB6 application 'promote' itself?
Not normally, no.
> For example, the application's manifest has 'asInvoker' and later in
> the program's execution it needs to do something that requires
> 'requireAdministrator' is it possible to promote to administrator or
> not?
Not without involving the user by invoking the the Dreaded UAC Dialog.
That's the whole point of UAC.
If any old program could simply call some API to get itself "Elevated"
to a level where it can hack the machine to ribbons, every virus and
trojan would already be doing so, rendering Vista /completely/ pointless.
Regards,
Phill W.
PeterD
<p-.-a-.-w-a-r-d-@-o-p-e-n-.-a-c-.-u-k> wrote:
>PeterD wrote:
>
>> Can a VB6 application 'promote' itself?
>
>Not normally, no.
>
>> For example, the application's manifest has 'asInvoker' and later in
>> the program's execution it needs to do something that requires
>> 'requireAdministrator' is it possible to promote to administrator or
>> not?
>
>Not without involving the user by invoking the the Dreaded UAC Dialog.
That's not the problem, thank goodness. I can tollerate the UAC
dialog, but would like to avoid reloading my program, and putting the
user back to where they were when it needed to do whatever causing it
to need promotion. If it (Vista) prompts, that's life, I accept that!
<g>
>
>That's the whole point of UAC.
>If any old program could simply call some API to get itself "Elevated"
Agreed, I'm not looking to destroy! Just save reloading the program,
and forcing it to the state where it was when it needed administrator
priv.
expvb
http://www.codeproject.com/KB/vista-security/VistaElevator.aspx
PeterD
>Check this article:
>
>http://www.codeproject.com/KB/vista-security/VistaElevator.aspx
>
>
Cool, now we're headed in the right direction. <g> I'll take a close
look at that reference, it may be what I'm looking for.