2
votes

I run on the machine as admin, but with the UAC set to default mode.

I start an installation program (using "Run as administrator"). From the installation process (using Wix) I start a client program that creates some files on the disc (C:\ProgramData...).

var startInfo = new ProcessStartInfo()
            {
                WorkingDirectory = installLocation,
                FileName = fullPath
            };
Process.Start(startInfo);

This first time the program runs, I can access all the data stored on the local disc without problems.

If I close it and start it again, I receive this error message:

Access to the path 'C:\ProgramData...' is denied.

If I start again the application using "Run as administrator" I can access the files from local disc; no error this time. The access path error appears only when I start the application directly.

Is this due to the settings from UAC or it is related that the local files where created under a more privileged user account?

4
Is this your program? I think you'll need to add something to the program's manifest file to request elevated permissions. See, for example, aneef.net/2009/06/29/… and stackoverflow.com/questions/2818179/…Matthew Watson

4 Answers

1
votes

Yes, the application will run without elevated privileges which are required to access ProgramData and other sensitive system folders or user related folders.

Any process you spawn from within your application will inherit the privileges your application has.

You need to create a manifest for your application to request elevated rights upon starting so you will have access to those folders.

1
votes

Yes, as you say the local files are created under a more privileged user account.

You can check this passing the admin credential with ProcessStartInfo

var startInfo = new ProcessStartInfo()
            {
                WorkingDirectory = installLocation,
                FileName = fullPath,
                UserName = "Administrator",
                Password = "password"
            };

You can bypass this simply creating the ProgramData folder with lower privileges:

Add "Everyone" privilege to folder using C#.NET

1
votes

or you can force that the application has to be started with administrator rights..

Project - Add New Item - "Application Manifest File".

change

<requestedExecutionLevel>

to

<requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>
0
votes

When starting a new process, it inherits the privileges of the current process.

So if your process was elevated, the created process is elevated too. Second time you run your program, if it's not elevated, the spawned process won't be too.

You can specify the runas verb to force the display of the UAC pop-up that will allow to manually elevate your spawned process:

ProcessStartInfo startInfo = new ProcessStartInfo
{
    UseShellExecute = true,
    FileName = "cmd.exe",
    Verb = "runas"
};