The following articles shed light on the topic and provide sample source code.
- Article "How to create a low-integrity process in Visual C++, in Visual C#, and in Visual Basic.NET" - http://support.microsoft.com/kb/2278183
- Article "Designing Applications to Run at a Low Integrity Level" - http://msdn.microsoft.com/en-us/library/bb625960.aspx
- Article "Well-known security identifiers in Windows operating systems" - http://support.microsoft.com/kb/243330
Sample source code showing how to use CreateRestrictedToken to drop admin rights can be found here (http://www.autohotkey.com/board/topic/72812-run-as-standard-limited-user/), but it is not in C/C++.
Basically, you have to use the following call to drop admin rights (Vista+):
result = CreateRestrictedToken (hExistingToken, LUA_TOKEN, 0, NULL, 0, NULL, 0, NULL, &hNewToken);
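The complete flow around that call, as an added example in C (not code from the original post or the linked articles): open the current token, restrict it with LUA_TOKEN, label it medium integrity, and start the child with CreateProcessAsUser. The names `run_without_admin` and `integrity_sid_string` and the `notepad.exe` command line are hypothetical, and the explicit medium-integrity step is an addition made here.

```c
/* Added example, not from the original post. Build: cl drop.c advapi32.lib */
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#include <sddl.h>
#endif

/* Mandatory-label SID string for an integrity RID: 0x2000 -> "S-1-16-8192". */
int integrity_sid_string(unsigned long rid, char *buf, size_t len)
{
    int n = snprintf(buf, len, "S-1-16-%lu", rid);
    return n > 0 && (size_t)n < len;    /* 0 if the buffer was too small */
}

#ifdef _WIN32   /* the Win32 part only builds on Windows (Vista+) */
/* Hypothetical helper: start cmdline (writable buffer) without admin rights. */
int run_without_admin(char *cmdline)
{
    HANDLE hTok = NULL, hNew = NULL;
    PSID sid = NULL;
    TOKEN_MANDATORY_LABEL tml = {0};
    STARTUPINFOA si = {0};
    PROCESS_INFORMATION pi = {0};
    char sidstr[32]; int ok = 0;

    si.cb = sizeof si;
    if (OpenProcessToken(GetCurrentProcess(), TOKEN_DUPLICATE | TOKEN_QUERY |
            TOKEN_ASSIGN_PRIMARY | TOKEN_ADJUST_DEFAULT, &hTok)
        /* The call from the post; the two count arguments are DWORDs, hence 0. */
        && CreateRestrictedToken(hTok, LUA_TOKEN, 0, NULL, 0, NULL, 0, NULL, &hNew)
        /* Added step: label the new token medium integrity explicitly. */
        && integrity_sid_string(SECURITY_MANDATORY_MEDIUM_RID, sidstr, sizeof sidstr)
        && ConvertStringSidToSidA(sidstr, &sid)) {
        tml.Label.Attributes = SE_GROUP_INTEGRITY;
        tml.Label.Sid = sid;
        ok = SetTokenInformation(hNew, TokenIntegrityLevel, &tml,
                                 sizeof tml + GetLengthSid(sid))
          && CreateProcessAsUserA(hNew, NULL, cmdline, NULL, NULL, FALSE, 0,
                                  NULL, NULL, &si, &pi);
    }
    if (ok) { CloseHandle(pi.hThread); CloseHandle(pi.hProcess); }
    if (sid) LocalFree(sid);
    if (hNew) CloseHandle(hNew);
    if (hTok) CloseHandle(hTok);
    return ok;
}
/* Constructed sample command line. */
int main(void) { char cmd[] = "notepad.exe"; return run_without_admin(cmd) ? 0 : 1; }
#endif
```

The token handle is opened with TOKEN_ADJUST_DEFAULT and TOKEN_ASSIGN_PRIMARY because the restricted token's handle is used for both SetTokenInformation and CreateProcessAsUser.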
If you have any questions, feel free to leave them as comments - I will provide you with an answer.