Jump to content
Sign in to follow this  


Recommended Posts



An odd thing about Vista+ O/S's is that, once you run a process in elevated privileges mode, you can't run other processes in lower-privileged modes.

Why, you ask, would that be important?

Sometimes you want - or need - to limit the privileges of a process:

  • A very common scenario for me is drag-and-drop.

    Windows' Explorer does NOT allow this to occur between lower privileged processes (like Explorer itself!) and other processes. This is very frustrating for users in programs that take advantage of that.

  • There's also some problems using certain SendMessage commands from other unelevated processes.
  • Setting the state or properties of windows that have an elevated privilege may not work either from other unelevated processes.
  • An install or setup program that needs to launch the installed program will more often than not want to run that program on a lower privilege level (for some of the reasons mentioned above)
So, after some looking around I found two ways of running processes under a lower privilege mode. One is using CreateProcessWithTokenW (see ), and the other is using COM objects - specifically Windows Explorer's SHELL object to ShellExecute a command/program. This can be used just like AutoIt's built-in ShellExecute() function, but of course the program that runs will be at a reduced IL (integrity level).

The code is based on Brandon @ BrandonLive's article here:

'Getting the shell to run an application for you - Part 2:How | BrandonLive'

The usage is straightforward for this one: use it like ShellExecute. The $bWait parameter is only there in case ShellExecuteWait() will be called for either non-elevated processes or pre-Vista O/S's. Example:

_ShellExecuteWithReducedPrivileges(@ComSpec,' /k title Non-Elevated prompt (via Shell.ShellExecute)')

Anyway, hope this helps someone out!

Ascend4nt's AutoIT Code License agreement:

While I provide this source code freely, if you do use the code in your projects, all I ask is that:

  • If you provide source, keep the header as I have put it, OR, if you expand it, then at least acknowledge me as the original author, and any other authors I credit
  • If the program is released, acknowledge me in your credits (it doesn't have to state which functions came from me, though again if the source is provided - see #1)
  • The source on it's own (as opposed to part of a project) can not be posted unless a link to the page(s) where the code were retrieved from is provided and a message stating that the latest updates will be available on the page(s) linked to.
  • Pieces of the code can however be discussed on the threads where Ascend4nt has posted the code without worrying about further linking.

Download the ZIP from my Site

Edited by Ascend4nt
  • Like 1

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Similar Content

    • Bilgus
      By Bilgus
      ; NetFirewallPolicy2 COM UDF Library for AutoIt3
      ; AutoIt Version :
      ; Description ...: Windows Firewall Policy2 Interface, Provides access to the firewall policy for Windows Vista+
      Including Test Script 
      Test Script:
    • Bilgus
      By Bilgus
      I was Playing around With AutoIt this evening and wondered how hard it would be to get typeinfo like the COM Viewers do only using AutoIt
      Turns out it was pretty easy.
      A Few Notes:
      CAarray info is unfinished I didn't have any objects to test it on so I left it Limited.
      The Object must have IDispatch exposed (ITypeInfo is derivative)
      Its Just a proof of concept Run with it but don't carry scissors
      Output IWebBrowserApp
      Output ObjCreate(MediaPlayer.MediaPlayer.1)
    • Bilgus
      By Bilgus
       IGroupPolicyObject interface
      ;;IGroupPolicyObject #RequireAdmin #include-once #include <WinAPIConstants.au3> ; $S_OK #include <WinAPIReg.au3> ;_WinAPI_GetRegKeyNameByHandle Global Enum $GPO_SECTION_ROOT = 0x0, $GPO_SECTION_USER, $GPO_SECTION_MACHINE Global Enum $GPO_OPEN_LOAD_REGISTRY = 0x1, $GPO_OPEN_READ_ONLY Global Enum $GPO_OPTION_DISABLE_USER = 0x1, $GPO_OPTION_DISABLE_MACHINE Global Enum $GPOTypeLocal = 0x0, $GPOTypeRemote, $GPOTypeDS, $GPOTypeLocalUser, $GPOTypeLocalGroup Global Const $sCLSID_GroupPolicyObject = "{EA502722-A23D-11D1-A7D3-0000F87571E3}" Global Const $sIID_IGroupPolicyObject = "{EA502723-A23D-11D1-A7D3-0000F87571E3}" Global Const $dtag_IGroupPolicyObject = _ "New hresult(wstr;wstr;dword);" & _ ; Creates a new GPO in the Active Directory with the specified display name. "OpenDSGPO hresult(wstr;dword);" & _ ; Opens the specified GPO and optionally loads the registry information. "OpenLocalMachineGPO hresult(dword);" & _ ; Opens the default GPO for the computer and optionally loads the registry information. "OpenRemoteMachineGPO hresult(wstr;dword);" & _ ; Opens the default GPO for the specified remote computer and optionally loads the registry information. "Save hResult(bool;bool;ptr;ptr);" & _ ; Saves the specified registry policy settings to disk and updates the revision number of the GPO. "Delete hresult();" & _ ; Deletes the GPO. "GetName hResult(wstr;int);" & _ ; Retrieves the unique name for the GPO. "GetDisplayName hResult(wstr;int);" & _ ; Retrieves the display name for the GPO. "SetDisplayName hresult(wstr);" & _ ; Sets the display name for the GPO. "GetPath hResult(wstr;int);" & _ ; Retrieves the path to the GPO. "GetDSPath hresult(dword;wstr;int);" & _ ; Retrieves the Active Directory path to the root of the specified GPO section. "GetFileSysPath hresult(dword;wstr;int);" & _ ; Retrieves the file system path (UNC format) to the root of the specified GPO section. "GetRegistryKey hresult(dword;handle);" & _ ; Retrieves a handle to the root of the registry key for the specified GPO section. "GetOptions hResult(dword*);" & _ ; Retrieves the options for the GPO. "SetOptions hresult(dword;dword);" & _ ; Sets the options for the GPO. "GetType hResult(dword*);" & _ ; Retrieves type information for the GPO being edited. "GetMachineName hResult(wstr;int);" & _ ; Retrieves the computer name of the remote GPO. "GetPropertySheetPages hresult(ptr;uint*);" ; Retrieves the property sheet pages associated with the GPO. Test() Func Test() Local $iResult Local $oIGroupPolicy Local $aGpoType[5] = ["Local", "Remote", "Active Directory", "LocalUser", "LocalGroup"] $oIGroupPolicy = ObjCreateInterface($sCLSID_GroupPolicyObject, $sIID_IGroupPolicyObject, $dtag_IGroupPolicyObject) While True If Not IsObj($oIGroupPolicy) Then ConsoleWrite("Failed To Retrieve Interface") $iResult = $E_NOINTERFACE ExitLoop Else ConsoleWrite("Success: " & ObjName($oIGroupPolicy, 1) & @CRLF) EndIf Local $sLoc, $sPath, $sName, $iType $tKey = DllStructCreate("handle hKey") $iResult = $oIGroupPolicy.OpenLocalMachineGPO(BitOR($GPO_OPEN_LOAD_REGISTRY, $GPO_OPEN_READ_ONLY)) If $iResult <> $S_OK Then ExitLoop $iResult = $oIGroupPolicy.GetDisplayName($sLoc, 65535) If $iResult <> $S_OK Then ExitLoop $iResult = $oIGroupPolicy.GetName($sName, 65535) If $iResult <> $S_OK Then ExitLoop ConsoleWrite($sLoc & " : " & $sName & @CRLF) $iResult = $oIGroupPolicy.GetPath($sPath, 65535) If $iResult <> $S_OK Then ExitLoop $iResult = $oIGroupPolicy.GetType($iType) If $iResult <> $S_OK Then ExitLoop ConsoleWrite($sPath & @CRLF) $iResult = $oIGroupPolicy.GetType($iType) If $iResult <> $S_OK Then ExitLoop ConsoleWrite("Type: " & $aGpoType[$iType] & @CRLF) $iResult = $oIGroupPolicy.GetRegistryKey($GPO_SECTION_USER, DllStructGetPtr($tKey)) If $iResult <> $S_OK Then ExitLoop ConsoleWrite(_WinAPI_GetRegKeyNameByHandle(DllStructGetData($tKey, "hKey")) & @CRLF) ExitLoop WEnd Return SetError($iResult, 0, ($iResult = $S_OK)) EndFunc ;==>Test Note: Not well tested..
    • griefman
      By griefman
      Hi everyone,
      i am writing to you after a very long struggle i had while trying to figure out how to send a simple click inside a virtual machine running in vmware workstation 14.
      i have an autoit script running on my host machine watching for the UAC prompt to be displayed in a running vm. Both the host and the guest OS are Windows 10. This script worked perfectly with virtual box. It recognized the UAC prompt and clicked inside and the UAC was accepted. Since i switched to VMware Workstation 14, the script no longer clicks inside the VM successfully. It acts as if it clicks, but it doesn't. 
      I tried sending key combinations instead of a click, so that the VM can grab the input, but it also did not work. Every attempt that i made to send clicks or keys from the host inside the VM did not work. I tried using:
      I also noticed that while the cursor moves to the target which has to be cilcked when my vmware worstation window is not focused, it even doesn't do that when i WinActivate the vmware workstation window first.
      Did anyone experience such an issue, or maybe could give me a hint, what else i could use to send a key combination or a mouse click in a vmware workstation 14 pro guest window?
      here is my code, which works with virtualbox:
      #AutoIt3Wrapper_Icon=".\uac.ico" #include <ImageSearchSubrogated.au3> FileInstall(".\ImageSearchDLL.dll", ".\ImageSearchDLL.dll", 0) FileInstall(".\UAC_ginloSetup.bmp", ".\UAC_ginloSetup.bmp", 0) FileInstall(".\UAC_Yes.bmp", ".\UAC_Yes.bmp", 0) ; set global variables for the coordinates, which should be delivered global $x1 = 0, $y1 = 0 global $x2 = 0, $y2 = 0 global $counter1 = 0 global $counter2 = 0 global $sleep = 10000 global $smallSleep = 5000 ; execute the script in a loop, so that it will hopefully recover from some unexpected errors While $counter1 < 1 checkForImage() WEnd #cs ------------ Functions #ce ------------ Func checkForImage() While $counter2 < 1 ; search for the UAC in the entire screen - 2 screens supported local $searchUac = _ImageSearchArea('UAC_ginloSetup.bmp', 1, -2568, -8, 5136, 1440, $x1, $y1, 0) If $searchUac = 1 Then ; if the UAC was found search for the Yes button in a an area 200 x 200 from the middle of the found UAC image local $searchYes = _ImageSearchArea('UAC_Yes.bmp', 1, $x1, $y1, $x1 + 200, $y1 + 200, $x2, $y2, 0) If $searchYes = 1 Then ; if the Yes button was found click it and pause the script for $sleep seconds MouseClick("left", $x2, $y2, 1,0) Sleep($sleep) Else ; if the Yes button was not found retry from the beginning in $smallSleep seconds MsgBox(0, "UAC found error", "UAC was found but the 'Yes' button was not found. Script will retry in " & $smallSleep & " seconds.", $smallSleep) EndIf ; another way to accept the UAC - via shortcut ;Send("{TAB}{TAB}{TAB}{TAB}{TAB}{TAB}") ;Send("!y") Else ; if UAC was not found try again in $sleep seconds Sleep($sleep) EndIf WEnd ; if some error occured which expired the loop, pause the script for $sleep seconds MsgBox(0, "Error", "Some Error expired the timer and the script could not recover. The script will restart in " & $sleep & " seconds.", $sleep) EndFunc  
    • Fenzik
      By Fenzik
       Hello all"
      I have curious problem with com object implementation of Sapi 5.1.
      In some cases }Some Voice engines] the metods for retrieve the voice parameters fails with error :Member not exists:.
      But the Retrieved Voice object can speak the given text, so It exists and work.
      Example of this type of Engine can be this one: http://download.kobavision.be/KobaSpeech3/KobaSpeech 3 With Vocalizer Serena - English (Great Britain).exe (can work as demo)
      So my question is> Is there some way to workaround or solve this issue?
      What i tryed:
      1. Typical use of Sapi.spvoice object:
      $oMyError = ObjEvent("AutoIt.Error","MyErrFunc"); Install a custom error handler
        $spvoice = ObjCreate("sapi.spvoice")
      for $voice in $spvoice.getvoices()
        msgbox(0, "Voice", $voice.getdescription())
      Func MyErrFunc()
      $HexNumber = hex($oMyError.number, 8)
      Msgbox(0,"","We intercepted a COM Error !" & @CRLF &"Number is: " & $HexNumber & @CRLF &"Windescription is: " & $oMyError.windescription)

      2. Implement workaround based on Nvda Screen reader sapi5 Library at https://github.com/nvaccess/nvda/blob/master/source/synthDrivers/sapi5.py
      Thys code in Pascal should work, so i tryed to reproduce it in Autoit.
      Pascal code just as example:
                   for i:=0 to SOTokens.Count-1 do
                        SOToken:=SOTokens.Item(I); s:=SOToken.GetDescription(0);
      In Autoit I tryed it like this:
      $oMyError = ObjEvent("AutoIt.Error","MyErrFunc"); Install a custom error handler
        $spvoice = ObjCreate("sapi.spvoice")
      for $i = 0 to $spvoice.getvoices.count-1
      $name = $spvoice.getvoices.item($i).getdescription
      msgbox(0,"Voice", $name)
      Func MyErrFunc()
      $HexNumber = hex($oMyError.number, 8)
      Msgbox(0,"","We intercepted a COM Error !" & @CRLF &"Number is: " & $HexNumber & @CRLF &"Windescription is: " & $oMyError.windescription)
      Both of this methods returning same Error ("Member not exists.").
      Thanks a lot for help.