How do I start an out of process COM server as another (more privileged) user
https://stackoverflow.com/questions/858227
-
21-08-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I would like to create a COM object that runs in an out of process COM server as another user. How do I do that?
I have control over the COM server source code and my COM client is the only one that will be creating these COM objects.
Solution
We use COM+ to run objects as a network user that has certain rights we have given it (most to Windows Authentication to a SQL server.) What this doesn't do is control who can call these objects to untilize the security we have given it.
In Vista and future, there is a COM elevation capability that does exactly what you are looking for. Oh, looks like someone just posted that. Follow the link they left.
OTHER TIPS
Are you writing this for Vista? If so, you can use a special COM invokation that runs the COM object in an elevated state. See this article for more details.
If you are not talking about UAC, you might checkout the CoInitializeSecurity function.
Use RunAs -- see http://msdn.microsoft.com/en-us/library/ms680046(VS.85).aspx.
N.B. This setting can also be configured via dcomcnfg (Win2000) or comexp.msc (WinXP+) under "DCOM config"
If your object is implemented as an InProc server, you may combine this with a DLL surrogate (see http://msdn.microsoft.com/en-us/library/ms691260(VS.85).aspx).
