F
fltcpt
My process requires admin privilege to modify system stuff. So on
Vista, it is elevated (with the request admin manifest). And it spawns
IE. I realize it would be spawning IE with the full token (since
elevation is a one way street) but to be good citizen it spawns IE
with medium integrity (the MS recommended way: dup token, change IL to
medium, then do CreateProcessAsUser with the new token). It works fine
until IE browses to a site requiring ActiveX. IE complains security
setting does not allow ActiveX install. What?? Do I really have to
have a helper process (with the splitted token) and have it spawn IE?
No otherway? The way I see it, if I choose to run IE with full token I
should still be able to install ActiveX, I don't understand the reason
of it. Could this be an IE bug?
I am starting to appreciate the hatred people have towards Vista. It's
almost like it requires every process that needs admin privilege to
have a helper and a pipe between the two. That's alot more work and
alot less reliable than before, and there are alot of applications out
there that require admin privileges - not every app is a dumb word
processor.
Anyway, any help appreciated.
Vista, it is elevated (with the request admin manifest). And it spawns
IE. I realize it would be spawning IE with the full token (since
elevation is a one way street) but to be good citizen it spawns IE
with medium integrity (the MS recommended way: dup token, change IL to
medium, then do CreateProcessAsUser with the new token). It works fine
until IE browses to a site requiring ActiveX. IE complains security
setting does not allow ActiveX install. What?? Do I really have to
have a helper process (with the splitted token) and have it spawn IE?
No otherway? The way I see it, if I choose to run IE with full token I
should still be able to install ActiveX, I don't understand the reason
of it. Could this be an IE bug?
I am starting to appreciate the hatred people have towards Vista. It's
almost like it requires every process that needs admin privilege to
have a helper and a pipe between the two. That's alot more work and
alot less reliable than before, and there are alot of applications out
there that require admin privileges - not every app is a dumb word
processor.
Anyway, any help appreciated.