By Scott Marlowe


2008-09-25 13:38:00 8 Comments

I'm trying to install a service using InstallUtil.exe but invoked through Process.Start. Here's the code:

ProcessStartInfo startInfo = new ProcessStartInfo (m_strInstallUtil, strExePath);
System.Diagnostics.Process.Start (startInfo);

where m_strInstallUtil is the fully qualified path and exe to "InstallUtil.exe" and strExePath is the fully qualified path/name to my service.

Running the command line syntax from an elevated command prompt works; running from my app (using the above code) does not. I assume I'm dealing with some process elevation issue, so how would I run my process in an elevated state? Do I need to look at ShellExecute for this?

This is all on Windows Vista. I am running the process in the VS2008 debugger elevated to admin privilege.

I also tried setting startInfo.Verb = "runas"; but it didn't seem to solve the problem.

5 comments

@Yevgeniy Shapiro 2008-10-23 23:56:19

According to the article Chris Corio: Teach Your Apps To Play Nicely With Windows Vista User Account Control, MSDN Magazine, Jan. 2007, only ShellExecute checks the embedded manifest and prompts the user for elevation if needed, while CreateProcess and other APIs don't. Hope it helps.

See also: same article as .chm.

@Dirk Vollmar 2009-04-03 12:42:23

Thanks, this was the only way I got it to work.

@mdb 2008-09-25 13:57:54

You can indicate the new process should be started with elevated permissions by setting the Verb property of your startInfo object to 'runas', as follows:

startInfo.Verb = "runas";

This will cause Windows to behave as if the process has been started from Explorer with the "Run as Administrator" menu command.

This does mean the UAC prompt will come up and will need to be acknowledged by the user: if this is undesirable (for example because it would happen in the middle of a lengthy process), you'll need to run your entire host process with elevated permissions by Create and Embed an Application Manifest (UAC) to require the 'highestAvailable' execution level: this will cause the UAC prompt to appear as soon as your app is started, and cause all child processes to run with elevated permissions without additional prompting.

Edit: I see you just edited your question to state that "runas" didn't work for you. That's really strange, as it should (and does for me in several production apps). Requiring the parent process to run with elevated rights by embedding the manifest should definitely work, though.

@Dirk Vollmar 2009-04-03 12:43:11

"runas" didn't work for me either. Might be that it only works with UAC turned off?

@Johnny_D 2012-04-17 14:04:49

It helped me, I wonder if this works for all windows OSs?

@Despertar 2013-01-26 00:17:31

This does not seem to work on Windows 8. Worked fine on previous versions.

@Colton 2013-03-11 16:32:35

@LukePuplett I'd thank them. It's a great way to mitigate root-kit installation without actually segregating the user roles completely.

@Luke Puplett 2013-03-26 11:46:30

@Sparksis No its not. And the other dreadful 'invention' was blocked .zip files extracting into useless blocked files.

@Jet 2013-03-27 20:14:11

@Sparksis, but there's also another point of view. The people who know how to defend their OS, they know how to do it without UAC. And dummy users, who don't know what's defence, they are clicking 'YES' everytime when they see UAC window. Also nothing can prevent bad-hackers-virus-writers from using exploits to bypass it;) So I agree with LukePuplett =)

@Mark Allen 2013-04-01 22:06:06

I just tried this (the .Verb = "runas", not the manifest embedding) for the first time today and it worked as expected on Windows 8 Enterprise. Maybe it has to do with what version of .NET you're using? Mine happened to target .NET 3.5.

@TCC 2013-09-27 14:53:05

Looks like you have to set startInfo.ShellExecute=true as well for this to work ... also I haven't been able to get this method to work with executable files that are on a network share (have to copy them to local temp directory before running) ...

@Kiquenet 2014-08-22 11:22:15

I try using UseShellExecute = false; Verb = "runas"; RedirectStandardInput = true; Domain = du[0]; UserName = UserAdministrator; Password = SecureStringHelper.ToSecureString(pwd); LoadUserProfile = true; And using requestedExecutionLevel in manifest. If I use UseShellExecute = true; I get the error The Process object must have the UseShellExecute property set to false in order to start a process as a user.

@user565869 2014-09-22 19:29:55

@TCC: That issue is dicussed at stackoverflow.com/questions/3596259/…

@Basic 2015-03-25 09:49:48

@Jet Sorry but that's the wrong mindset. Every time a UAC dialog is shown during install, that's a failing of the system. Where it's valuable is when you see a UAC box without running something requiring elevation. Doesn't matter how pro you - any of us - think we are on our PCs, you can't magically block zero days/drive-by downloads (eg a recent one on the official Nobel Prize site). If you browsed to that site and got a UAC prompt, you'd know there was something wrong. With UAC off, you'd never know you just joined a botnet. The cost of the advance warning is having to click Yes occasionally

@Fandi Susanto 2016-11-10 05:08:36

No... didnt work. I'm using Windows 10.

@hB0 2012-01-12 08:43:21

[PrincipalPermission(SecurityAction.Demand, Role = @"BUILTIN\Administrators")]

This will do it without UAC - no need to start a new process. If the running user is memeber of Admin group as for my case.

@Leonardo 2015-09-21 18:57:53

Using this code I get an permission error: "Request for security entity permission failed." :(

@hB0 2015-09-22 09:30:34

Perhaps "If the running user is memeber of Admin"*

@Simon_Weaver 2017-04-17 10:22:35

interesting - this can go on any method, not just an action method (I even tried it on method defined in an ASPX page)

@Curtis Yallop 2012-06-05 22:12:08

This code puts the above all together and restarts the current wpf app with admin privs:

if (IsAdministrator() == false)
{
    // Restart program and run as admin
    var exeName = System.Diagnostics.Process.GetCurrentProcess().MainModule.FileName;
    ProcessStartInfo startInfo = new ProcessStartInfo(exeName);
    startInfo.Verb = "runas";
    System.Diagnostics.Process.Start(startInfo);
    Application.Current.Shutdown();
    return;
}

private static bool IsAdministrator()
{
    WindowsIdentity identity = WindowsIdentity.GetCurrent();
    WindowsPrincipal principal = new WindowsPrincipal(identity);
    return principal.IsInRole(WindowsBuiltInRole.Administrator);
}


// To run as admin, alter exe manifest file after building.
// Or create shortcut with "as admin" checked.
// Or ShellExecute(C# Process.Start) can elevate - use verb "runas".
// Or an elevate vbs script can launch programs as admin.
// (does not work: "runas /user:admin" from cmd-line prompts for admin pass)

Update: The app manifest way is preferred:

Right click project in visual studio, add, new application manifest file, change the file so you have requireAdministrator set as shown in the above.

A problem with the original way: If you put the restart code in app.xaml.cs OnStartup, it still may start the main window briefly even though Shutdown was called. My main window blew up if app.xaml.cs init was not run and in certain race conditions it would do this.

@JCCyC 2014-09-10 22:20:20

See below for improvements.

@chris 2015-11-18 03:16:58

requireAdministrator did not work in my case. So I had to do it your way. This solved my problem ! thank you. But I had to set Single Instance Application to false.

@Vijesh VP 2008-09-25 13:53:55

You should use Impersonation to elevate the state.

WindowsIdentity identity = new WindowsIdentity(accessToken);
WindowsImpersonationContext context = identity.Impersonate();

Don't forget to undo the impersonated context when you are done.

@cwa 2011-03-30 18:45:39

You haven't said how to get the accessToken. LogonUser will provide a user's restricted security context when UAC is enabled.

Related Questions

Sponsored Content

26 Answered Questions

[SOLVED] How can you find out which process is listening on a port on Windows?

7 Answered Questions

[SOLVED] Starting a process with credentials from a Windows Service

0 Answered Questions

How to launch Regsvr32 in an elevated command prompt via CreateProcessAsUser

  • 2017-03-02 17:25:23
  • P_Fitz
  • 150 View
  • 0 Score
  • 0 Answer
  • Tags:   c# windows cmd

1 Answered Questions

0 Answered Questions

C++: Communication with elevated child process on Windows

4 Answered Questions

[SOLVED] Process.Start with different credentials with UAC on

1 Answered Questions

[SOLVED] Granting admin privileges to a process

  • 2014-01-02 15:14:14
  • meraydin
  • 523 View
  • 0 Score
  • 1 Answer
  • Tags:   c# pinvoke

2 Answered Questions

[SOLVED] How can I automatically elevate a COM interface used for automation?

  • 2010-03-13 19:44:34
  • Jim Flood
  • 759 View
  • 0 Score
  • 2 Answer
  • Tags:   windows com uac

Sponsored Content