Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl: the Markov chain saw

Windows 7 UAC with elevated privileges

by stringZ (Acolyte)
on Oct 20, 2011 at 22:55 UTC ( #932780=perlquestion: print w/replies, xml ) Need Help??

stringZ has asked for the wisdom of the Perl Monks concerning the following question:

I develop perl administrative applications for UNIX and Windows as well. In Windows 7 there's a security feature called UAC (User Account Control). It's probably familiar to everyone who have ever used Windows 7 or Vista so far. Every time when an application requires administrative (elevated) privileges Windows blanks out the workspace and prompts the user for permission. As far as I noticed, some applications can do this while they are running. I would like to elevate privileges of my perl script if that is possible in runtime.

I guess this is some kind of API call through a package like Win32 for perl. I Googled this for an hour but found nothing about this.

Could you help me a bit?

Thanks in advance

Replies are listed 'Best First'.
Re: Windows 7 UAC with elevated privileges
by Michael Roberts (Sexton) on Apr 24, 2014 at 10:47 UTC
    I wrote Win32::RunAsAdmin to do just that, after finding this post and others on the same topic.

      Thank you very much for writing Win32::RunAsAdmin. The one thing I needed which it didn't do was to wait for the elevated process to finish running. I came up with the following Powershell incantation to do that and pass the exit code of the elevated process back:

      # Run a process in an elevated window, wait for its exit sub win32_run_elevated { my( $exe, @args ) = @_; my $args = join " ", map { if(/[ "]/) { s!"!\\"!g; qq{"$_"} } else + { $_ }} @args; my $ps1 = sprintf q{powershell -NonInteractive -NoProfile -Command + "$process = Start-Process '%s' -PassThru -ErrorAction Stop -Argument +List '%s' -Verb RunAs -Wait; Exit $process.ExitCode"}, $exe, $args; $ps1 }

      I haven't dug deep enough into Application.Process to know whether it can wait for the elevated child as well, and as my target environment has Powershell enabled anyway, using another level of indirection isn't a hurdle for me.

      Hi, I notice you got Win32::RunAsAdmin::restart, it might benefit from remembering @INC and other stuff :) see Devel::PL_origargv - access to the Perl interpreter's argv

        I don't think it should matter - it's actually closing the current (non-elevated) process and starting the same thing again from the shell with elevated privileges, so it's going to reload @INC the same way anyway.

        Once you're not in elevated mode, you can't change - you can't "upgrade" a running process. You can even see this in Microsoft's own tools; the Task Manager has a button "Show processes from all users" when you start it as a non-administrative user. Click that button and you'll notice that the Task Manager window goes away and reappears, now with a checkbox instead of a button. That's because the non-elevated process had to be swapped out for an elevated one.

        It's kinda weird, but eh. Windows.

Re: Windows 7 UAC with elevated privileges
by Anonymous Monk on Oct 21, 2011 at 00:38 UTC

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: perlquestion [id://932780]
Approved by mertserger
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others surveying the Monastery: (5)
As of 2022-01-26 17:43 GMT
Find Nodes?
    Voting Booth?
    In 2022, my preferred method to securely store passwords is:

    Results (69 votes). Check out past polls.