
Implementing a password-less, sudo-like feature for GUI apps.

Hi,

I need to launch a GUI app, MyApp.exe, for a regular (or, non-Administrative) user whenever a system-wide event occurs. MyApp.exe must then run with elevated (or, Administrative) privileges, without requiring this regular user to enter the Administrative password. By "system-wide event" I mean that even a regular user would be able to see this event. In fact, this event will occur only when a user is logged on and is interacting with the system.

So for this, I created a background monitoring program, MonTask.exe, that continuously monitors for the event. To start MonTask.exe early on, I configure it in Windows Task Scheduler to start running on the Windows Startup trigger, like so:

    Trigger:    At Startup

    Action:    Start a program
    Program/Script:    cmd
    Add arguments (optional):    /c path/to/MonTask.exe

Now, MonTask.exe is a C-based program that itself launches MyApp.exe from inside of it, like so:

    system("cmd /c path/to/MyApp.exe");

However, the problem is: I can see the MyApp.exe process listed in Task Manager when the event occurs but I cannot see its GUI/window!

Now, I did refer to the "Task Security Context" TechNet article, where it is recommended that we use the "Run the task only when the user is logged on" option.

But the problem still is, the following 3 conditions cannot hold true all together:

  1. The logged-on user is a regular user.

  2. MonTask.exe runs with elevated privileges (to allow it to later launch MyApp.exe with elevated privileges).

  3. The Administrative user may not necessarily be logged in.

Essentially, I'm looking for a password-less sudo-like feature for a GUI program: When the event occurs for the regular user, the system should be able to run a specific GUI program with elevated privileges without requiring her (the regular user) to enter even her own password (let alone requiring her to enter the Administrator password)!

Note: Earlier, I had tried making MonTask.exe a Windows Service instead of a regular console program to be able to reap the (a) automatic startup and (b) elevated privileges features that would come automatically with a Windows Service. But it seems, Windows 7 onwards, a service cannot launch a GUI program unless the application is split into 2 applications communicating over IPC - which all seems quite complicated to me since no thorough example is available on how to use the CreateProcessAsUser() and WTSOpenServerEx() functions which are required in this approach!

I have not checked out 3rd party programs like sudowin; I would prefer using only officially endorsed techniques.

Many thanks,

/nxs2



