Win7: What's the difference between starting Windows Explorer in Admin Mode vs. cmd.exe in Admin mode?

2
votes

I am currently using a VB-Skript, which is used to start a setup.exe file, which requires administrative privilleges in order to be installed correctly, if it is not started as an administrator it will return a corresponding error message. Both the script and the setup are located on a window share that is located in a network classified as "Worokplace" in Win7 (32 Bit).

I have the foloowing strange effect, which I do not understand:

  • I run explorer.exe as "Administrator", and start the script by doubleclicking, which results in a final errormessage that setup.exe requires administrative privileges in order to run. I thought that when I run explorer.exe as Administrator, all other processes started within will have the same privileges.

  • I tried the same by starting cmd.exe as an Administrator, run the vbs by simply typing myscript.vbs, and the installation succeeds.

Obviously, the same script started from explorer with administrative rights and started from cmd.exe with administrative right finally gets different privilleges, which is what I do not understand at all. Can anybody please explain what's going on there?

Thanks alot

1
windows-7installationexplorercmdadministrator
Did you also run your script from the share via cmd.exe? That is likely to be relevant here. - themel
Are you using an MSI package or a proprietary installer engine? - rmrrm
Yes, of course I ran the script from the same location. I have also noticed that when you start an explorer.exe with administrative rights, and then start cmd from it, the cmd window does not have any administrative rights. So it looks like explorer is not passing the rights/privilleges granted to processes it starts, which I find somehow confusing. - Erik

1 Answers

1
votes

Any process can start a child process, and the parent process can choose what environment (including access rights) the child process will run in. The difference is simply that cmd.exe allows child processes to inherit its own environment, while explorer.exe will only apply administrator privileges if it has been told to do so, either by right-click and 'Run as administrator' or by editing the properties of a shortcut.

The bottom line is simply that they are coded that way.