Protected -> Medium Integrity, elevation policy

Hot Topic

Question with Vista
About linux operating system
Search result appears in "Indexed Locations" but not in "Everywhere" on Vista
losing WshShell.Environment("Process") variables in IE 6.0.
using a scanner with Ie.
Physics Calculators *New*
WDS 3.0 Beta 2- Cannot index pdf file contents
Two items for $19.99 - Discount
"Error on page": ActiveXObject("WScript.Shell") JavaScript IE7 Intranet
Editing order data in Customer and Orders Manager

IE Development

Working with Commerce Server tables in ADO.Net
your computer is ready to compute
ie 7 crashes wont even load "addon hwtxkrm.dll" error
Question with Vista
Windows Vista Gaming Performance
"Requested lookup key" IE7 Problem
Who is using Commerce Server 2007?
Web site user authentication and Data Sharing
Convert Money value to its Textual Representation
How to install my BHO?

Protected -> Medium Integrity, elevation policy

I have an ActiveX control which needs to start a process with medium integrity. I am trying to get ieuser to elevate the process without prompting the user to ok the elevation.

On install, I generate a GUID and add it to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy, and set the 'AppName' and 'AppPath' to reference the application to run (I do not set the CLSID). I set the 'Policy' value to 3. Even after restarting the PC, IE still prompts the user with the dialog seen in: "Understanding and Working in Protected Mode Internet Explorer"

Any suggestions on what I am doing wrong The ActiveX control and application to be launched are both signed, and the application has the manifest trust level set to 'asInvoker', and UI to false.

Thanks.

Answer this question

Protected -> Medium Integrity, elevation policy

  • robinjam

    I also see the problem when referencing an installed application under program files.

    AppPath=c:\program files\company\product

    doesn't seem to work w/o the clsid specified.

  • heimdaloz

    Yes, this seems like an issue (which is being tracked internally). Also you wont face this issue if you use a directory path other than the root directory.

  • blixt174963

    Made an app called 'test.exe'. Placed it in c:\

    Key is: {A72296F2-F88D-4EB4-92F7-3BC70F5A5756}
    AppName (REG_SZ): test.exe
    AppPath (REG_SZ): c:\
    Policy (REG_DWORD): 3


    After much frustration, I added the CSLID of the ActiveX control as the CSLID value in that key. It appears to work. I am not sure why it does, at least according to what it seems like the CSLID value should do detailed by the documention linked above.


    Also, is there an easier way to get ieuser to read the registry settings If i get this to work, telling users 'you must reboot' to guarantee that ieuser is reset seems like a poor user experience.

  • Saurabh Agrawal

    Are you starting the program using CoCreateInstance You could try c: without the trailing '\', I gave it a quick shot on my machine and saw without the ending '\', it seemed to elevate. I will look into this and get back with some answers.

  • Peter Kahn

    What you outlined sounds like you are doing the right thing. Could you verify/share the application name which starts & the AppPath/AppName values added to the registry.

    Thanks
    Sharath

  • rectis

    CLSID is required if your binary would register a CoClass which is not registered in the HKCR\CLSID. So according to your experience, it might be because you are doing a CreateProcess(test.exe) and then do a CoCreateInstance(CLSID) (where the CLSID is registered by test.exe). If so, then that would make sense why you need a CLSID also.
  • Protected -> Medium Integrity, elevation policy
Answer this question