
I have a Windows 10 vb.net main process (tester) that needs to create a process to clean up a certain registry area. The products we test have a single FTDI serial port adapter, but over time these instances build up and slow the registry to a crawl.

As the main process starts, the desire is to use an off-the-shelf utility, DeviceCleanupCmd.exe, to search for and remove the driver instance build-up. This requires administrator privileges for that sub process. I've been able to do this on XP with a script, but the system is running with full administrator privileges. Since it's not on the network, there's very little risk.

Moving forward, we are trying to replace the XP system with a Windows 10 Enterprise box that is network connected. I wanted to incorporate the equivalent of the script into the vb.net process and I modified the vb.net application to use

  • Process() with StartInfo.Verb = "runas"
  • Local user credentials (not a domain user) the application provides to start the sub process.

Using this method, my sub process executes, but not with administrator level privileges. The Stack Overflow reference below explains that I can't use this method and have to use CreateProcessWithLogonW. I understand Ian Boyd's concerns for security in the post.

Run process as administrator from a non-admin application

I have followed the Microsoft implementation that follows and am still having issues.

https://learn.microsoft.com/en-us/troubleshoot/dotnet/visual-basic/start-process-as-another-user

Here's the essential part of my code. You will see that I truncated the MS example to use the W2K portion, as we won't be going back that far!

    wUser = System.Text.Encoding.Default.GetString(UnicodeStringToBytes(UserName + Chr(0)))
    wDomain = System.Text.Encoding.Default.GetString(UnicodeStringToBytes(DomainName + Chr(0)))
    wPassword = System.Text.Encoding.Default.GetString(UnicodeStringToBytes(Password + Chr(0)))
    wCommandLine = System.Text.Encoding.Default.GetString(UnicodeStringToBytes(CommandLine + Chr(0)))
    wCurrentDir = System.Text.Encoding.Default.GetString(UnicodeStringToBytes(CurrentDirectory + Chr(0)))
    Result = CreateProcessWithLogonW(wUser, wDomain, wPassword, CREATE_DEFAULT_ERROR_MODE, 0&, wCommandLine, CREATE_NEW_CONSOLE, 0&, wCurrentDir, si, pi)
    If Result <> 0 Then
        CloseHandle(pi.hThread)
        CloseHandle(pi.hProcess)
        W2KRunAsUser = 0
    Else
        W2KRunAsUser = Err.LastDllError
        Status = FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, CType(0&, IntPtr), W2KRunAsUser, 0, strMessage, Len(strMessage), 0)
        MsgBox("CreateProcessWithLogonW() failed with error: " & W2KRunAsUser & " " & strMessage, vbExclamation)
    End If

Please remember that my target administrator user is only resident on the PC I'm running the application on - not on the domain. I've verified that I can log in with the credentials and run DeviceCleanupCmd.exe with success. In order to log in locally, I must use a \ before the user. When I run the code, I've attempted the following, with the error message that Windows 10 supplies after the colon (:):

  1. Providing "user", "password", and "domain" (I know it's not required): The directory name is invalid.
  2. Providing "user", "password", and domain as "": The directory name is invalid.
  3. Providing "\user", "password", and domain as "": The directory name is invalid.
  4. Providing ".\user", "password", and domain as "": The stub received bad data.
  5. Providing "user", "password", and domain as "computer name": The directory name is invalid.
  6. Providing "non-admin user", "password", and "domain of user": DeviceCleanupCmd.exe runs but complains 'No admin privileges available'.

Because the application is complaining about an invalid directory name, I've purposely placed the DeviceCleanupCmd.exe in a C:\sub-directory that is not protected by Windows (like Program Files). Attempt 6 above would seem to prove that there are no rights/access violations.

I have also tried CREATE_NEW_CONSOLE in place of CREATE_DEFAULT_ERROR_MODE, with the same results as above. I've proved the user is being decoded, as when I provide an incorrect password, I get "The user name or password is incorrect".

@Hursey provided the insight to look at the Windows Task Scheduler, and the following links support fully configuring the task + incorporating the exported XML into NSIS - my target deployment method.

https://www.windowscentral.com/how-create-automated-task-using-task-scheduler-windows-10

https://nsis.sourceforge.io/Talk:Scheduled_Tasks

  • Just to be clear, this is for in-house use in a debugging or testing environment? Not for production use? – Hursey Apr 13 '21 at 03:01
  • Yes, this is for an in-house testing application that would never be rolled out into a "production" use. Production would mean that anyone could download and use. The application is only for our company to use in manufacturing our products. – jtreubig Apr 13 '21 at 12:06
  • Does it need to be incorporated into your app then? Would an alternative be to simply run it periodically via the windows task scheduler? – Hursey Apr 13 '21 at 20:47
  • @Hursey your suggestion was dead on, as the Windows Task Scheduler supported me running the app as SYSTEM and was flexible to permit scheduling whenever I wanted. Additionally, I can export the task to XML and use NSIS to install it with the app on my target platform. – jtreubig Apr 14 '21 at 13:40
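
The Task Scheduler approach the comments settle on, as an added example (not code from the original post or from the DeviceCleanupCmd author): it registers the cleanup as a SYSTEM task and first removes inherited permissions from the tool's folder, because folders created directly under C:\ inherit Modify rights for Authenticated Users by default and a binary launched as SYSTEM must not be replaceable by a standard user. The folder path, task name, startup trigger, time limit and the argument placeholder are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example. Paths, task name and trigger are assumptions, not from the post.
$ToolDir  = 'C:\Tools\DeviceCleanup'           # hypothetical install folder
$ToolExe  = Join-Path $ToolDir 'DeviceCleanupCmd.exe'
$ToolArgs = '<DeviceCleanupCmd arguments>'     # placeholder: the post does not list them
$TaskName = 'FTDI-DeviceCleanup'               # hypothetical task name

# 1. Lock down the folder before anything runs from it as SYSTEM.
#    Stop inheriting from C:\ and discard the inherited rules, then add
#    explicit full-control rules for SYSTEM and the local Administrators group.
$acl = Get-Acl -Path $ToolDir
$acl.SetAccessRuleProtection($true, $false)
foreach ($sid in 'S-1-5-18', 'S-1-5-32-544') {  # SYSTEM, BUILTIN\Administrators
    $identity = New-Object System.Security.Principal.SecurityIdentifier $sid
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $identity, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $ToolDir -AclObject $acl

# 2. Define the task: no stored password, runs under the SYSTEM account.
$action    = New-ScheduledTaskAction -Execute $ToolExe -Argument $ToolArgs `
                 -WorkingDirectory $ToolDir
$trigger   = New-ScheduledTaskTrigger -AtStartup      # assumed schedule
$principal = New-ScheduledTaskPrincipal -UserId 'NT AUTHORITY\SYSTEM' `
                 -LogonType ServiceAccount -RunLevel Highest
$settings  = New-ScheduledTaskSettingsSet `
                 -ExecutionTimeLimit (New-TimeSpan -Minutes 10)

Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $trigger `
    -Principal $principal -Settings $settings -Force | Out-Null

# 3. Export the definition so the installer can import the same task
#    on the target machine (for example with schtasks /Create /XML).
Export-ScheduledTask -TaskName $TaskName |
    Out-File -FilePath (Join-Path $ToolDir "$TaskName.xml") -Encoding Unicode

# 4. Show what is left on the folder ACL so leftover explicit entries are visible.
(Get-Acl -Path $ToolDir).Access |
    Select-Object IdentityReference, FileSystemRights, IsInherited
```

Explicit permissions that were set on the folder before the script ran are not removed by step 1, so review the output of step 4 and delete any entry that still grants write access to non-administrators.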
