question

BalaSmart-5063 asked RLWA32-6355 commented

How does a Windows service run a process with elevated rights for a standard user account?

Hi,
I have created a service called PrivilegeTest with the logon user balas.

balas is not a local administrator.

When I start my service, my process runs with elevated rights (Task Manager).

How does Windows create an elevated token for a standard user when the service starts?

How does Windows achieve this technically?

windows-api c++

1 Answer

RLWA32-6355 answered BalaSmart-5063 commented

When the Windows Task Manager shows that your service process running as a standard user is elevated, that indicates that the process is running at a High integrity level. The Service Control Manager is a System process and is capable of assigning integrity levels to any service process that it starts. Unelevated processes usually run at a Medium integrity level. For more information about integrity levels, see mandatory-integrity-control.

However, even though the service process is running at a High integrity level, it is NOT running with all of the privileges typically granted to an Administrator. The following images show a service process running as a standard user. Note that Process Explorer shows the High integrity level for the process. However, Process Explorer also shows that the privileges present in the service process token are those of a standard user, except for SeCreateGlobalPrivilege and SeImpersonatePrivilege, both of which are assigned by the Service Control Manager to services that it starts.

Integrity level -
102560-integrity.png

Privileges -
102569-privileges.png



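The distinction the answer draws between integrity level and privileges can be checked from code. The following is an added example, not code from the question or the answer: `integrity_label`, `admin_privilege_count` and `read_token` are hypothetical names, and the list of administrator-default privileges is an illustrative subset chosen for the example. On Windows it reads the current process token; elsewhere it falls back to a constructed sample.

```cpp
#include <cstdio>
#include <set>
#include <string>
#include <vector>
// Map the last sub-authority (RID) of the token's S-1-16-<RID> label SID to a level name.
std::string integrity_label(unsigned long rid) {
    if (rid >= 0x4000) return "System";  // SECURITY_MANDATORY_SYSTEM_RID
    if (rid >= 0x3000) return "High";    // SECURITY_MANDATORY_HIGH_RID
    if (rid >= 0x2000) return "Medium";  // SECURITY_MANDATORY_MEDIUM_RID
    if (rid >= 0x1000) return "Low";     // SECURITY_MANDATORY_LOW_RID
    return "Untrusted";
}
// Count privileges that Windows grants to Administrators by default (illustrative subset).
int admin_privilege_count(const std::set<std::string>& privs) {
    static const char* kAdmin[] = {"SeDebugPrivilege", "SeTakeOwnershipPrivilege", "SeLoadDriverPrivilege"};
    int n = 0;
    for (const char* p : kAdmin) n += static_cast<int>(privs.count(p));
    return n;
}
#ifdef _WIN32  // Windows only: read the integrity RID and privilege names from this process's token
#include <windows.h>
bool read_token(unsigned long& rid, std::set<std::string>& privs) {
    HANDLE tok = nullptr; DWORD len = 0;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &tok)) return false;
    GetTokenInformation(tok, TokenIntegrityLevel, nullptr, 0, &len);  // first call sizes the buffer
    std::vector<BYTE> il(len);
    if (!GetTokenInformation(tok, TokenIntegrityLevel, il.data(), len, &len)) { CloseHandle(tok); return false; }
    PSID sid = reinterpret_cast<TOKEN_MANDATORY_LABEL*>(il.data())->Label.Sid;
    rid = *GetSidSubAuthority(sid, *GetSidSubAuthorityCount(sid) - 1);
    GetTokenInformation(tok, TokenPrivileges, nullptr, 0, &len);
    std::vector<BYTE> pb(len);
    bool ok = GetTokenInformation(tok, TokenPrivileges, pb.data(), len, &len) != 0;
    auto* tp = reinterpret_cast<TOKEN_PRIVILEGES*>(pb.data());
    for (DWORD i = 0; ok && i < tp->PrivilegeCount; ++i) {
        char name[128]; DWORD cch = sizeof(name);
        if (LookupPrivilegeNameA(nullptr, &tp->Privileges[i].Luid, name, &cch)) privs.insert(name);
    }
    CloseHandle(tok);
    return ok;
}
#endif
int main() {
    unsigned long rid = 0x3000;  // constructed sample, used when not built on Windows
    std::set<std::string> privs = {"SeChangeNotifyPrivilege", "SeCreateGlobalPrivilege", "SeImpersonatePrivilege"};
#ifdef _WIN32
    privs.clear();
    if (!read_token(rid, privs)) return 1;
#endif
    std::printf("integrity=%s admin-default privileges=%d\n", integrity_label(rid).c_str(), admin_privilege_count(privs));
}
```

On Windows, link against advapi32 and run the binary as the service's process to see the combination the answer describes: a High integrity level with no administrator-default privileges.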