What is the expected behavior if UAC is off for a standard Windows user? - uac

If the UAC level is set to Never and a standard Windows user runs an app that requests elevated admin privileges, what would be the expected behavior? Should the app continue to run?

From the Microsoft documentation:
The slider will never turn UAC completely off. If you set it to Never notify, it will:
Keep the UAC service running.
Cause all elevation requests initiated by administrators to be auto-approved without showing a UAC prompt.
Automatically deny all elevation requests for standard users.
This means that any application requiring admin privileges won't run, as the user has no admin privileges.

Related

Get session token as administrator without using password

I'm using LogonUser to get a HANDLE to the target session token and use it for the function CreateProcessAsUser.
status = LogonUserW(sessiondata->UserName.Buffer, sessiondata->LogonDomain.Buffer,NULL,LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, &targettoken);
My executable is going to be executed by Administrator, but even though I'm administrator, I can't get the handle to the token and always get error 1326: Logon failure: unknown user name or bad password. I put NULL as lpszPassword in the hope that it checks whether I'm administrator and gives me the privilege to get the access token.
Of course I should not be using LogonUser for this purpose, so what do you suggest?
I expected to get a HANDLE to the access token because of my high-level privilege (Administrator) without giving the password.
My executable is a simple application which is intended to get screenshots from all logon sessions.
Hey, we can forget about getting the user's login token. There's actually a fairly good way to do this.
Enumerate all processes.
If the process is a WINLOGON process and the session id is not zero
Steal its token
Start a process using that token; pass it a file on the command line
That process takes a screenshot and saves it to a file
When all your processes have finished, pick up your files.
The token from WINLOGON has administrative rights and is on the correct session to see the user's desktop. If you don't create any windows you aren't vulnerable to the user messing with you. (In fact this token creates windows at a higher integrity level. Normal shatter attacks don't work; however, you can still receive fake keyboard or mouse input if you create windows.)
Most likely, you will only get a screenshot from the currently active screen and any active remote desktop sessions. Other sessions stop their redraw and drop their screen buffers to save memory.
It's most likely your user does not have SeAssignPrimaryTokenPrivilege and SeTcbPrivilege. I have given these to my user in the past; however, the easiest way to get them is to become local system by setting up and launching as a service, then removing the service after it's done.
OP commented that he got to SYSTEM by PsExec and was able to get the token. PsExec does CreateService under the hood so it's all the same.

How to prevent the clients from debugging the code in JavaScript using developer tools

We have an AngularJS application where we have different roles associated with the users. For example, the two roles are Admin and Local. Based on the role, we show some menu items for the Admin and add more features/screens for the Admin.
The userInfo with the Admin property is returned from the login response, and based on that we decide which menus and screens are to be rendered.
But if we use the developer tools, set a breakpoint where the admin property is used, and set the admin property to true, the user, even if he is a Local user, would be able to access admin privileges.
In short, anyone who has some idea about the JavaScript code can get the admin privileges. Is there any idea other than minification of the code to prevent this kind of security threat?
Thanks
As the front-end of your application will run on the client machine there is actually no way to stop a user from debugging or modifying the code. Thus it's impossible to prevent someone from tricking their local instance of the application to think it's signed in as an administrator.
If you simply want to hide the admin interface, one possibility is to have separate (or additional) templates for administrators and restrict access to these based on the user's privilege. Whether there is anything to be gained from this is up to you. You will still need to validate the rights to execute any privileged action on the server anyway. Obtaining administrative privileges on the client must never be the same as obtaining them on the server side.
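The server-side validation this answer calls for, as an added example that is not part of the original thread: the admin flag in the login response only steers which menus are rendered, while every privileged request is authorized from server-held session state. The users, session ids, routes and function names are constructed for illustration.

```javascript
// Added example, not from the original thread. Users, session ids and routes
// are constructed sample data; all names are hypothetical.
const USERS = new Map([['alice', { role: 'Admin' }], ['bob', { role: 'Local' }]]);
// Server-side session store: session id -> user name (ids constructed for the demo).
const SESSIONS = new Map([['sess-alice', 'alice'], ['sess-bob', 'bob']]);
const RANK = { Local: 1, Admin: 2 };

// Every route names the minimum role it requires; unlisted routes are rejected.
const ROUTES = new Map([
  ['GET /api/profile', { role: 'Local', run: (user) => ({ name: user }) }],
  ['POST /api/admin/delete-user',
    { role: 'Admin', run: (user, body) => ({ deleted: String(body.target) }) }],
]);

// What the login response may carry: a hint for rendering menus, nothing more.
function userInfoFor(sessionId) {
  const user = SESSIONS.get(sessionId);
  return user ? { name: user, admin: USERS.get(user).role === 'Admin' } : null;
}

// Authorization decision made only from server-held state.
function handleRequest({ sessionId, method, path, body = {} }) {
  const user = SESSIONS.get(sessionId);
  if (!user) return { status: 401, body: { error: 'not authenticated' } };
  const route = ROUTES.get(`${method} ${path}`);
  if (!route) return { status: 404, body: { error: 'unknown route' } };
  // body.admin, headers or any other client-supplied role claim is never read.
  if (RANK[USERS.get(user).role] < RANK[route.role]) {
    return { status: 403, body: { error: 'forbidden' } };
  }
  return { status: 200, body: route.run(user, body) };
}

// A Local user whose browser state was edited to admin=true still gets 403.
const tampered = handleRequest({
  sessionId: 'sess-bob', method: 'POST', path: '/api/admin/delete-user',
  body: { admin: true, target: 'alice' },
});
console.log(tampered.status, userInfoFor('sess-bob'));
```
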

Can't set clock using SetSystemTime on Windows 8

My app uses SetSystemTime() to set the PC clock from a GPS source. This works fine in Windows 7 with User Account Control disabled, but in Windows 8, even with UAC disabled, it fails. The error I get back is ERROR_PRIVILEGE_NOT_HELD. The user logged into the machine is in the Administrators group. I can only get it to work if I run the application as "Run as Administrator" from the file's context menu in Explorer - but the logged-in user IS an Administrator.
So... what do I need to do differently on Windows 8 to get SetSystemTime() to work? Do I need even more elevated privileges than the current user's Administrator rights? If so, what has higher privileges than Administrator? Or do I need to set the user account up differently to allow these kinds of calls to work on Windows 8?
EDIT: As noted in the comments, manually attempting to enable the SE_SYSTEMTIME_NAME privilege doesn't work. Neither does trying to add the privilege using the suggested MSDN method of LsaAddAccountRights.
If you move the UAC slider down completely in "User Account Control Settings", it means that UAC won't show any prompts, but is still enabled. Any normal process still runs without administrative privileges, but elevating (by "run as administrator" or by having declared "requireAdministrator") will happen without user consent.
Disabling the Security Policy "User Account Control: Run all administrators in Admin Approval Mode" or setting the registry key "EnableLUA" to 0 will change this behaviour, but prevent all Metro Modern UI apps from running.
If your users don't have administrative rights, you can't change the system clock without using a service.
If you want your application to start normally (but without special rights) for normal users and (auto-)elevate for administrators, you may want to declare "highestAvailable" in your manifest.
I think it might be related to the fact that, with UAC disabled on Windows 8, processes (by default) run at Medium Integrity, not High Integrity (see this post).
I think you need to request requireAdministrator in your application manifest.

Open process as different user

I want to get the privileges of a selected user on a local machine. I know how to get them from the current user, so my problem is how to open a process as a different user.
I'm currently looking for more info about CreateProcessAsUser()
Thanks
You shouldn't create a process as a different user just to get his privileges. To get a user's privileges you need an identity token. To start a process as a user you need an impersonate token. Identity tokens are a very low security risk; impersonation tokens, on the other hand, are very serious business. At the very least, you need to know the password of the user in order to impersonate (or have an impersonation-capable context, like an SSPI exchange security context).
Use LookupAccountName to get the SID, LsaOpenPolicy and LsaEnumerateAccountRights.
Check this link for how to do this from a service within Delphi: Launch your application in Vista under the local system account without the UAC popup
To launch a process under the local system account I perform the following steps (from a service application):
Get the Active Console SessionId using WTSGetActiveConsoleSessionId
Since I need to launch the application under a system account, I use the token from Winlogon, since Winlogon runs under the system account. So I obtain the process ID of Winlogon and Duplicate the token.
Then I make sure I set the startupinfo parameter lpDesktop to winsta0\Default since I need to launch my process there.
Then I use CreateProcessAsUser with Winlogon's duplicate token to launch my process into session 1.
That's all. I am done.

Show UAC prompt when launching an app

I have an app which needs administrator privileges to do some things. I'd like to just show the UAC prompt when it starts, and then be elevated. I'm not sure how to do this, but I'm hearing about things like manifests and whatnot but not seeing a plain answer anywhere.
You need an app manifest that demands elevated privileges. Here's a quote from a blog that answers this:
First, you can create a manifest file by adding an “Application Manifest File” Item to your project (default name: app.manifest), then you can set it through the Application Tab in the Project Properties.
If you want to change the Windows User Account Control level in your manifest file, all you need is to set the value of the level attribute of the requestedExecutionLevel node with one of the following:
asInvoker (default): the application will run using the current Windows user privileges
requireAdministrator: the application requires an Administrator user
highestAvailable: highest privileges for the current user will be used
http://dariosantarelli.wordpress.com/2007/11/21/vs2008-embedding-uac-manifest-options/
