Typically you would install and launch a service, configured to log in as SYSTEM. You can then use OpenProcessToken and DuplicateTokenEx to make a copy of the token.

You will probably need to use SetTokenInformation to change the session ID for the token to match that of the interactive user. You need the Act As Part Of the Operating System privilege to do that, so you should do this from inside the service itself. Once the duplicate token is ready to use, you can use DuplicateHandle to copy the handle into the administrative process, or (with the right options) you could launch the command shell directly from the service too.