Unable to create executable with runas or impersonation

This forum can be browsed by the general public. Posting is limited to current SAPIEN license holders with active maintenance and does not offer a response time guarantee.
Forum rules
DO NOT POST LICENSE NUMBERS, ACTIVATION KEYS OR ANY OTHER LICENSING INFORMATION IN THIS FORUM.
Only the original author and our tech personnel can reply to a topic that is created in this forum. If you find a topic that relates to an issue you are having, please create a new topic and reference the other in your post.

Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
This topic is 3 years and 11 months old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.
User avatar
ronkna
Posts: 15
Last visit: Wed Jan 03, 2024 6:12 am

Unable to create executable with runas or impersonation

Post by ronkna »

Hello,

I'm trying to create an executable which I want to run elevated.

I know how to do this, by creating a seperate launcher (starter.exe) with the Manifest Creation set to "Embed a default manifest for elevation" and Alternate credentials (which are the admin credentials of course) but when I try to build the package, the output shows 0 error(s), 1 warning(s).

I can't find the warning but I do know that it doesn't work. I think the credentials aren't used because when I launch the starter, the UAC pops up where I have to enter my admin credentials.

Changing the Run mode to "RunAs User" or "Impersonate User" doesn't affect the result.. When I change it to "Current User" it behaves as expected by returning "Access Denied" errors.

What could be the problem? :?:

Product: PowerShell Studio 2020 (64 Bit)
Build: v5.7.174
OS: Windows 10 Education (64 Bit)
Build: v10.0.18363.0
User avatar
brittneyr
Site Admin
Posts: 1655
Last visit: Thu Mar 28, 2024 3:14 pm
Answers: 39
Been upvoted: 30 times

Re: Unable to create executable with runas or impersonation

Post by brittneyr »

Most commonly, the expectation is that using impersonation or runas will get you from an unprivileged and restricted user to full elevated admin rights in one step.
That is however not how Windows works. Doing that requires two steps. First from unprivileged user to privileged user and THEN to elevated state of said user.
You cannot impersonate and elevate at the same time, as elevation is processed BEFORE a process that would use impersonation or runas is even started.

You may find the following blog helpful:
https://www.sapien.com/blog/2017/01/19/ ... nistrator/
Brittney
SAPIEN Technologies, Inc.
User avatar
ronkna
Posts: 15
Last visit: Wed Jan 03, 2024 6:12 am

Re: Unable to create executable with runas or impersonation

Post by ronkna »

I know that... I've done that...

Let me quote myself:
I know how to do this, by creating a seperate launcher (starter.exe) with the Manifest Creation set to "Embed a default manifest for elevation" and Alternate credentials (which are the admin credentials of course) but when I try to build the package, the output shows 0 error(s), 1 warning(s).
Doesn't work, don't know why...
User avatar
Alexander Riedel
Posts: 8479
Last visit: Thu Mar 28, 2024 9:29 am
Answers: 19
Been upvoted: 37 times

Re: Unable to create executable with runas or impersonation

Post by Alexander Riedel »

According to what you write, you added the elevation manifest AND the alternate credentials to your starter.exe
It doesn't work that way. First (on the starter.exe) you use alternate credential. Then on the second (your main application) executable you use elevation.
You have to do it in two steps.
Alexander Riedel
SAPIEN Technologies, Inc.
User avatar
ronkna
Posts: 15
Last visit: Wed Jan 03, 2024 6:12 am

Re: Unable to create executable with runas or impersonation

Post by ronkna »

Ok, misread that... Sorry ;)


Got it working now! Thanks for the help!
This topic is 3 years and 11 months old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.