StephaneLenclud@394: // UacHelpers.CppLibrary.h
StephaneLenclud@394: 
StephaneLenclud@394: #pragma once
StephaneLenclud@394: 
StephaneLenclud@394: using namespace System::Diagnostics;
StephaneLenclud@394: using namespace System::Security::Principal;
StephaneLenclud@394: 
StephaneLenclud@394: namespace UacHelpers {
StephaneLenclud@394: 
StephaneLenclud@394: 	///<summary>
StephaneLenclud@394: 	///Provides facilities for enabling and disabling User Account Control (UAC),
StephaneLenclud@394: 	///determining elevation and virtualization status, and launching a process
StephaneLenclud@394: 	///under elevated credentials.
StephaneLenclud@394: 	///</summary>
StephaneLenclud@394: 	///<remarks>
StephaneLenclud@394: 	///Note that there's a delicate scenario where the registry key has already been
StephaneLenclud@394: 	///changed, but the user has not logged off yet so the token hasn't been filtered.
StephaneLenclud@394: 	///In that case, we will think that UAC is on but the user is not an admin (because
StephaneLenclud@394: 	///the token is not a split token).
StephaneLenclud@394: 	///</remarks>
StephaneLenclud@394: 	public ref class UserAccountControl abstract sealed
StephaneLenclud@394: 	{
StephaneLenclud@394: 	public:
StephaneLenclud@394: 		///<summary>
StephaneLenclud@394: 		///Returns <b>true</b> if the current user has administrator privileges.
StephaneLenclud@394: 		///</summary>
StephaneLenclud@394: 		///<remarks>
StephaneLenclud@394: 		///If UAC is on, then this property will return <b>true</b> even if the
StephaneLenclud@394: 		///current process is not running elevated.  If UAC is off, then this
StephaneLenclud@394: 		///property will return <b>true</b> if the user is part of the built-in
StephaneLenclud@394: 		///<i>Administrators</i> group.
StephaneLenclud@394: 		///</remarks>
StephaneLenclud@394: 		static property bool IsUserAdmin
StephaneLenclud@394:         {
StephaneLenclud@394:             bool get();
StephaneLenclud@394:         }
StephaneLenclud@394: 
StephaneLenclud@394: 		///<summary>
StephaneLenclud@394: 		///Returns <b>true</b> if User Account Control (UAC) is enabled on
StephaneLenclud@394: 		///this machine.
StephaneLenclud@394: 		///</summary>
StephaneLenclud@394: 		///<remarks>
StephaneLenclud@394: 		///This value is obtained by checking the LUA registry key.  It is possible
StephaneLenclud@394: 		///that the user has not restarted the machine after enabling/disabling UAC.
StephaneLenclud@394: 		///In that case, the value of the registry key does not reflect the true state
StephaneLenclud@394: 		///of affairs.  It is possible to devise a custom solution that would provide
StephaneLenclud@394: 		///a mechanism for tracking whether a restart occurred since UAC settings were
StephaneLenclud@394: 		///changed (using the RunOnce mechanism, temporary files, or volatile registry keys).
StephaneLenclud@394: 		///</remarks>
StephaneLenclud@394: 		static property bool IsUacEnabled
StephaneLenclud@394:         {
StephaneLenclud@394:             bool get();
StephaneLenclud@394:         }
StephaneLenclud@394: 
StephaneLenclud@394: 		///<summary>
StephaneLenclud@394: 		///Returns <b>true</b> if the current process is using UAC virtualization.
StephaneLenclud@394: 		///</summary>
StephaneLenclud@394: 		///<remarks>
StephaneLenclud@394: 		///Under UAC virtualization, file system and registry accesses to specific
StephaneLenclud@394: 		///locations performed by an application are redirected to provide backwards-
StephaneLenclud@394: 		///compatibility.  64-bit applications or applications that have an associated
StephaneLenclud@394: 		///manifest do not enjoy UAC virtualization because they are assumed to be
StephaneLenclud@394: 		///compatible with Vista and UAC.
StephaneLenclud@394: 		///</remarks>
StephaneLenclud@394:         static property bool IsCurrentProcessVirtualized
StephaneLenclud@394:         {
StephaneLenclud@394:             bool get();
StephaneLenclud@394:         }
StephaneLenclud@394: 
StephaneLenclud@394: 		///<summary>
StephaneLenclud@394: 		///Returns <b>true</b> if the current process is elevated, i.e. if the process
StephaneLenclud@394: 		///went through an elevation consent phase.
StephaneLenclud@394: 		///</summary>
StephaneLenclud@394: 		///<remarks>
StephaneLenclud@394: 		///This property will return <b>false</b> if UAC is disabled and the process
StephaneLenclud@394: 		///is running as admin.  It only determines whether the process went through
StephaneLenclud@394: 		///the elevation procedure.
StephaneLenclud@394: 		///</remarks>
StephaneLenclud@394: 		static property bool IsCurrentProcessElevated
StephaneLenclud@394:         {
StephaneLenclud@394:             bool get();
StephaneLenclud@394:         }
StephaneLenclud@394: 
StephaneLenclud@394: 		///<summary>
StephaneLenclud@394: 		///Disables User Account Control by changing the LUA registry key.
StephaneLenclud@394: 		///The changes do not have effect until the system is restarted.
StephaneLenclud@394: 		///</summary>
StephaneLenclud@394: 		static void DisableUac();
StephaneLenclud@394: 		
StephaneLenclud@394: 		///<summary>
StephaneLenclud@394: 		///Disables User Account Control and restarts the system.
StephaneLenclud@394: 		///</summary>
StephaneLenclud@394: 		static void DisableUacAndRestartWindows();
StephaneLenclud@394: 
StephaneLenclud@394: 		///<summary>
StephaneLenclud@394: 		///Enables User Account Control by changing the LUA registry key.
StephaneLenclud@394: 		///The changes do not have effect until the system is restarted.
StephaneLenclud@394: 		///</summary>
StephaneLenclud@394: 		static void EnableUac();
StephaneLenclud@394: 
StephaneLenclud@394: 		///<summary>
StephaneLenclud@394: 		///Enables User Account Control and restarts the system.
StephaneLenclud@394: 		///</summary>
StephaneLenclud@394: 		static void EnableUacAndRestartWindows();
StephaneLenclud@394: 
StephaneLenclud@394: 		///<summary>
StephaneLenclud@394: 		///Creates a process under the elevated token, regardless of UAC settings
StephaneLenclud@394: 		///or the manifest associated with that process.
StephaneLenclud@394: 		///</summary>
StephaneLenclud@394: 		///<param name="exePath">The path to the executable file.</param>
StephaneLenclud@394: 		///<param name="arguments">The command-line arguments to pass to the process.</param>
StephaneLenclud@394: 		///<returns>A <see cref="Process"/> object representing the newly created process.</returns>
StephaneLenclud@394: 		static Process^ CreateProcessAsAdmin(System::String^ exePath, System::String^ arguments);
StephaneLenclud@394: 
StephaneLenclud@394: 		///<summary>
StephaneLenclud@394: 		///Creates a process under the standard user if the current process is elevated.  The identity
StephaneLenclud@394: 		///of the standard user is determined by retrieving the user token of the currently running Explorer
StephaneLenclud@394: 		//(shell) process.  If the current process is not elevated, the standard user is used.
StephaneLenclud@394: 		///</summary>
StephaneLenclud@394: 		///<param name="exePath">The path to the executable file.</param>
StephaneLenclud@394: 		///<param name="arguments">The command-line arguments to pass to the process.</param>
StephaneLenclud@394: 		///<returns>A <see cref="Process"/> object representing the newly created process.</returns>
StephaneLenclud@394: 		static Process^ CreateProcessAsStandardUser(System::String^ exePath, System::String^ arguments);
StephaneLenclud@394: 
StephaneLenclud@394: 	private:
StephaneLenclud@394: 		static int GetProcessTokenElevationType();
StephaneLenclud@394: 		static void SetUacRegistryValue(bool enable);
StephaneLenclud@394: 		static void RestartWindows();
StephaneLenclud@394: 
StephaneLenclud@394: 		static System::String^ UacRegistryKey = "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System";
StephaneLenclud@394: 		static System::String^ UacRegistryValue = "EnableLUA";
StephaneLenclud@394: 	};
StephaneLenclud@394: }	// end namespace UacHelpers