Hard Coded Admin Access

Skavenger0

New member
Joined
Nov 4, 2009
Messages
3
Programming Experience
5-10
Im writing a program that needs to read various files.
One of these files is in the All Users Folder and requires admin access to read.
I am the Domain and IT Admin so I have full access to everything.

I have tried allowing normal users read access to the file through group policy to little avail however. All of our pcs have a generic local admin account and password.

Is there a way I can hard code the program with this username and password built in so that windows will allow just the program to run as administrator without the user being prompted.

The users in our company are not IT literate and I severely doubt they will ever see the exe file yet alone be able to decompile it. Any Ideas?
 
Restart process as admin:
VB.NET:
Private Sub RestartAdmin()
    Dim startInfo As New ProcessStartInfo()
    startInfo.UseShellExecute = False
    startInfo.WorkingDirectory = Environment.CurrentDirectory
    startInfo.FileName = Application.ExecutablePath
    startInfo.UserName = "admin"
    Dim secstr As New Security.SecureString
    secstr.AppendChar("p"c)
    secstr.AppendChar("a"c)
    secstr.AppendChar("s"c)
    secstr.AppendChar("s"c)
    startInfo.Password = secstr
    Try
        Dim p As Process = Process.Start(startInfo)
    Catch ex As System.ComponentModel.Win32Exception
        Return
    End Try
    Application.Exit()
End Sub
I have still to find out why a simple in-process impersonation of admin user in Vista fails to perform admin tasks... but the above works for me.
 
I would check if user running the app is admin like this:
VB.NET:
'Imports System.Security.Principal

Private Function IsAdmin() As Boolean
    Using wi As WindowsIdentity = WindowsIdentity.GetCurrent
        Dim wp As New WindowsPrincipal(wi)
        Return wp.IsInRole(WindowsBuiltInRole.Administrator)
    End Using
End Function
I would do this in application StartUp event and cancel startup if user is not admin. To prevent continous restart loop if the app should fail to start under admin account I would not automate this, instead I would show a messagebox that ask user if the app should attempt to switch to "admin mode", this way the user has the opportunity to cancel the app if it keeps asking that question again. For example:
VB.NET:
Private Sub MyApplication_Startup(ByVal sender As Object, ByVal e As Microsoft.VisualBasic.ApplicationServices.StartupEventArgs) Handles Me.Startup
    If Not IsAdmin() Then
        e.Cancel = True
        If MessageBox.Show("Switch to admin mode?", "Admin app", MessageBoxButtons.OKCancel, MessageBoxIcon.Question) = DialogResult.OK Then
            RestartAdmin()
        End If
    End If
End Sub
How to: Handle Application Events (Visual Basic)
 
Great, Skavenger0!
me said:
To prevent continous restart loop if the app should fail to start under admin account
Just a comment about this statement of mine, which has wrong conclusion. I was thinking perhaps the Process would start as regular user if the credentials weren't valid, but what happens is it throws a Win32Exception (Try-Catched), so the app would not restart in loop after all. This means you don't have to ask user at all.

Still, lets say the user is not admin, the app start is then cancelled and no UI is shown for this. If the admin credentials is then for some reason wrong the user should be notified, if not nothing appears to happen when user tries to start the app. This message can be given in the Catch part of RestartAdmin method, don't give the exception message, just say "contact admin" or something like that.
 
Back
Top