CoCreateInstanceAsAdmin or CreateElevatedComObject sample
The COM elevation moniker is one of the three recommended ways to have a user application do tasks that require admin privileges. The UAC document from September 2006 refers to it as the Admin COM Object model under the section “Key Decisions for Designing Administrator-Only Applications”.
Apparently CoCreateInstanceAsAdmin from the SDK documentation has been rebranded as CreateElevatedComObject in the UAC doc. I have a sample with an ATL component and a console client attached that show this working. (Disclaimer: It is for demo purposes only and the code does not do any error or exception handling.)
The only changes I had to make was in the two rgs files. In order to make the inproc COM component run in the dllhost.exe surrogate, I had to add this to MyElevatedCOM.rgs:
val DllSurrogate = s ''
I also had to add this to the MyElevated.rgs file to make it both Elevation capable and MUI aware respectively:
val Enabled = d 1
val LocalizedString = s <'@%MODULE%,-101'>
Finally to match up the LocalizedString entry with an entry from the resource, I added a new string in the String table with a matching entry of 101.
The client side is literally copied from the SDK docs.
If you try to launch this application from a real standard user (so not a filtered admin), you will get an E_ACCESSDENIED on the actual method call. In order to get around this you will need to give the interactive user access permission to the COM component.
- Launch COM+ explorer (start, run, dcomcnfg)
- Navigate to Component Services\Computers\My Computer\DCOM Config and get to MyElevatedCOM (for this demo app that is)
- Select Properties and go to security tab.
- Under Access Permissions, select the Customize button radio button and click Edit.
- Click Add. Change the "locations" to the local machine.
- Enter "Interactive" and OK out of all the dialogs.
If you need to script this you can use DCOMPERM from the platform SDK.