IsLimitedUser API ?

Started by Magnum, January 19, 2013, 04:08:54 AM


Magnum

I started using psexec.exe to run FF as a limited user.

Is there a way to see if a process is running as a limited user ?



Take care,
                   Andy

Ubuntu-mate-18.04-desktop-amd64

http://www.goodnewsnetwork.org

ragdog

I think this starts a process (CreateProcess) as a user.
You can use CreateProcess to run an exe as user or admin ;)

Magnum

I don't want to start a new process.

I want to verify if firefox.exe, that I have already started with only the privileges of a limited user (LU), is actually being run as an L.U.

I hope that made sense.

Or maybe there is something in a browser that can't be done while it is being run as a L.U. ?

ragdog

OpenProcessToken and GetTokenInformation

http://masm32.com/board/index.php?topic=763.0

qWord

Quote from: ragdog on January 19, 2013, 05:35:49 AM
OpenProcessToken and GetTokenInformation

http://masm32.com/board/index.php?topic=763.0
this method seems to not work for WinXP - see here: http://masm32.com/board/index.php?topic=791.0
MREAL macros - when you need floating point arithmetic while assembling!

Magnum



I will convert this if you think it would work.

I asked if it would work in XP and they didn't answer.

I used Notepad as an example but I would like to check if Firefox is running under some kind of "Integrity Level."

MSDN post

The technical term you are searching for is "Integrity Level" and has to do with UAC, not whether user is Admin or not.
The following is from the source code of http://www.codeproject.com/Articles/16796/Riding-the-Vista-UAC-elevator-up-and-down
You need to replace GetCurrentProcess() with the process handle of the running Notepad.

-- David

HRESULT IsElevated( __out_opt BOOL * pbElevated ) //= NULL )
{
  ASSERT( IsVista() );
  HRESULT hResult = E_FAIL; // assume an error occurred
  HANDLE hToken = NULL;
  if ( !::OpenProcessToken(
    ::GetCurrentProcess(),
    TOKEN_QUERY,
    &hToken ) )
  {
    ASSERT( FALSE );
    return hResult;
  }
  TOKEN_ELEVATION te = { 0 };
  DWORD dwReturnLength = 0;
  if ( !::GetTokenInformation(
    hToken,
    TokenElevation,
    &te,
    sizeof( te ),
    &dwReturnLength ) )
  {
    ASSERT( FALSE );
  }
  else
  {
    ASSERT( dwReturnLength == sizeof( te ) );
    hResult = te.TokenIsElevated ? S_OK : S_FALSE;
    if ( pbElevated)
      *pbElevated = (te.TokenIsElevated != 0);
  }
  ::CloseHandle( hToken );
  return hResult;
}

dedndave

i think i mentioned it before - UAC was not introduced until vista
you might have some luck by looking at the access token
some reading you may find interesting...
http://msdn.microsoft.com/en-us/library/windows/desktop/aa374909%28v=vs.85%29.aspx
http://msdn.microsoft.com/en-us/library/windows/desktop/ms684880%28v=vs.85%29.aspx
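
The token-based check suggested above, as an added example that is not part of any post in this thread: it reads TokenGroups (available on XP) for a target PID and treats the process as limited when BUILTIN\Administrators is absent or marked deny-only. The names group_t, is_limited and pid_is_limited are hypothetical, and it assumes the limited token was made by disabling the Administrators SID, as CreateRestrictedToken does.

```c
/* Added example (not from the thread): decide "limited" from TokenGroups, not TokenElevation. */
#include <stdlib.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#include <sddl.h>                   /* ConvertSidToStringSidA; link advapi32 */
#else                               /* winnt.h values so the logic builds anywhere */
#define SE_GROUP_ENABLED           0x00000004UL
#define SE_GROUP_USE_FOR_DENY_ONLY 0x00000010UL
#endif
#define ADMINS_SID "S-1-5-32-544"   /* BUILTIN\Administrators */
typedef struct { char *sid; unsigned long attrs; } group_t; /* hypothetical type */

/* 0 if Administrators is enabled for allow checks, otherwise 1 (limited). */
int is_limited(const group_t *g, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (g[i].sid && strcmp(g[i].sid, ADMINS_SID) == 0 &&
            (g[i].attrs & SE_GROUP_ENABLED) &&
            !(g[i].attrs & SE_GROUP_USE_FOR_DENY_ONLY))
            return 0;
    return 1;
}

#ifdef _WIN32
/* 1 = limited, 0 = administrator token, -1 = could not query the process. */
int pid_is_limited(DWORD pid) {
    int r = -1; DWORD len = 0, i; HANDLE ht = NULL;
    HANDLE hp = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, pid);
    if (!hp) return -1;
    if (OpenProcessToken(hp, TOKEN_QUERY, &ht)) {
        GetTokenInformation(ht, TokenGroups, NULL, 0, &len);  /* size query */
        TOKEN_GROUPS *tg = (TOKEN_GROUPS *)malloc(len);
        if (tg && GetTokenInformation(ht, TokenGroups, tg, len, &len)) {
            group_t *g = (group_t *)calloc(tg->GroupCount, sizeof *g);
            for (i = 0; g && i < tg->GroupCount; i++) {
                g[i].attrs = tg->Groups[i].Attributes;
                if (!ConvertSidToStringSidA(tg->Groups[i].Sid, &g[i].sid)) g[i].sid = NULL;
            }
            if (g) r = is_limited(g, tg->GroupCount);
            for (i = 0; g && i < tg->GroupCount; i++) LocalFree(g[i].sid);
            free(g);
        }
        free(tg);
        CloseHandle(ht);
    }
    CloseHandle(hp);
    return r;
}
#endif
```

On Vista and later with UAC enabled, the filtered token of a non-elevated administrator also carries Administrators as deny-only, so this check reports that process as limited too.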

Magnum

That's funny.

That was a post by a Microsoft MVP and he knew I was running XP.  :dazzled:

But sometimes it is interesting cleaning up their mess.

Andy

Magnum

It's time for me to invoke GetIntoBed......zzzzzzz

jj2007

Quote from: dedndave on January 20, 2013, 03:44:23 PM
some reading you may find interesting...
http://msdn.microsoft.com/en-us/library/windows/desktop/aa374909%28v=vs.85%29.aspx
http://msdn.microsoft.com/en-us/library/windows/desktop/ms684880%28v=vs.85%29.aspx

Quote: Access tokens contain the following information:

    The security identifier (SID) for the user's account
    SIDs for the groups of which the user is a member
    A logon SID that identifies the current logon session
    A list of the privileges held by either the user or the user's groups
    An owner SID
    The SID for the primary group
    The default DACL that the system uses when the user creates a securable object without specifying a security descriptor
    The source of the access token
    Whether the token is a primary or impersonation token
    An optional list of restricting SIDs
    Current impersonation levels
    Other statistics

... followed by a dozen security functions. For me, the most interesting is EnumProcessesUsingInternet.

Magnum

Thank you very much, Jochen.

I bookmarked and saved that webpage.

It started out my day great. :-)

Andy
