Start Application with more rights

[Alexander Weiner]

Hello,

I have coded a program to change the IP-Adress Settings on a windows xp
workstation. Works with an admin account without problems. Now I like to
give some Users the program so that they can also change the IP-Settings to
logon to different Networks.

The problem is that a normal User is not allowed to change the network
settings.

Is it possible to define in the programm the username and userpassword of an
existing adminaccount so that the program can make this changes with the
admin rights while the user is starting the program with his limited rights?

Thanks for all answers.

 

[Guest]

I have coded a program to change the IP-Adress Settings on a windows xp

workstation. Works with an admin account without problems. Now I like to
give some Users the program so that they can also change the IP-Settings to
logon to different Networks.

The problem is that a normal User is not allowed to change the network
settings.

Is it possible to define in the programm the username and userpassword of an
existing adminaccount so that the program can make this changes with the
admin rights while the user is starting the program with his limited rights?

Check out CreateProcessWithLogonW or ImpersonateLoggedOnUser
Those functions can be used to do what you want.
Of course, hard-coding an administrator account into an app is bad practise.
It is dangerous, and you have to rebuild them when the password changes.

Another option could be to check the local policy settings.
I seem to remember that there is a setting that specifies which types of
accounts can be used for changing network settings.

Or you could create a service that runs with local system rights, and
changes the network config on demand.

Or you could use 'runas' on the commandline. it can cache user credentials.

There are lots of options. try them all, and pick whatever is fit for your
purposes.

--

Kind regards,
Bruno.
(e-mail address removed)
Remove only "_nos_pam"