Hi All,
We have an application that writes to Windows registry and
some files. Both of these (that is, registry and files)
require the software to impersonate a highly privileged
user (i.e. Administrator) to write to them.
However, with the addition of "Impersonate a client after
authentication" (SeImpersonatePrivilege) user right in
Windows 2000 SP4, the software may not be able to
impersonate if it is running under a normal user account.
This can be a real hassle as Administrators would need to
change policies during installation to allow software to
run under normal user account.
A solution to this problem could be to have a service
running in the background, which would spawn a thread that
allows the software to write to registry/files through
this thread. As a service can run with higher privileges,
writing to registry/files would not be a problem. HOWEVER,
communication between this thread and the rest of software
is a complicated one as they will be two different
processes that need to communicate with each other. Is there
a solution to this problem? I am thinking that the service
could be written in .NET and the rest of software can act
as COM client. Is there an easier way of doing this?
Apart from using a service, in general, is there any other
way to impersonate without requiring administrators to
modify user policies?
Any help would be greatly appreciated.
Thanks,
Ash
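
An added example, not part of the original post: in the service design described above, the privileged service should check each client request against the locations the application owns before it writes anything, so it cannot be used to write arbitrary keys or files. The JSON message format, the function names and the two allowed roots are assumptions made for illustration.

```python
import json
import ntpath

# Hypothetical locations owned by the application (assumptions, not from the post).
ALLOWED_REG_ROOT = r"HKLM\SOFTWARE\ExampleApp"
ALLOWED_FILE_ROOT = r"C:\ProgramData\ExampleApp"
MAX_REQUEST_BYTES = 4096


def _reg_key_allowed(key):
    # Registry paths have no "..", so compare components literally, ignoring case.
    root = ALLOWED_REG_ROOT.lower().split("\\")
    parts = key.lower().split("\\")
    return "" not in parts and parts[:len(root)] == root


def _file_path_allowed(path):
    # Refuse UNC/device paths and alternate data streams before normalizing.
    if path.startswith("\\\\") or ":" in path[2:]:
        return False
    root = ntpath.normcase(ntpath.normpath(ALLOWED_FILE_ROOT))
    full = ntpath.normcase(ntpath.normpath(path))
    return full.startswith(root + "\\")


def validate_request(raw):
    """Return (True, request) if the service may act on it, else (False, reason)."""
    if len(raw) > MAX_REQUEST_BYTES:
        return False, "request too large"
    try:
        req = json.loads(raw)
    except ValueError:
        return False, "not valid JSON"
    if not isinstance(req, dict):
        return False, "request must be an object"
    op = req.get("op")
    if op == "reg_set":
        ok = all(isinstance(req.get(f), str) for f in ("key", "name", "value"))
        if not ok or not _reg_key_allowed(req["key"]):
            return False, "registry key not allowed"
    elif op == "file_write":
        ok = all(isinstance(req.get(f), str) for f in ("path", "data"))
        if not ok or not _file_path_allowed(req["path"]):
            return False, "file path not allowed"
    else:
        return False, "unknown operation"
    return True, req
```

The check is lexical only: the service still has to authenticate the caller on whatever IPC channel it uses, and it must account for junctions or symlinks inside the allowed directory when it opens the file.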