UacHelpers.CppLibrary/UserAccountControl.h
author StephaneLenclud
Mon, 02 Feb 2015 13:28:41 +0100
branchMiniDisplay
changeset 437 38e7b78cf732
permissions -rw-r--r--
Reverting client/server communication around our pipes to fix access denied err.
Now simply opening files for pipes created by SoundGraphAccess server.
StephaneLenclud@436
     1
// UacHelpers.CppLibrary.h
StephaneLenclud@436
     2
StephaneLenclud@436
     3
#pragma once
StephaneLenclud@436
     4
StephaneLenclud@436
     5
using namespace System::Diagnostics;
StephaneLenclud@436
     6
using namespace System::Security::Principal;
StephaneLenclud@436
     7
StephaneLenclud@436
     8
namespace UacHelpers {
StephaneLenclud@436
     9
StephaneLenclud@436
    10
	///<summary>
StephaneLenclud@436
    11
	///Provides facilities for enabling and disabling User Account Control (UAC),
StephaneLenclud@436
    12
	///determining elevation and virtualization status, and launching a process
StephaneLenclud@436
    13
	///under elevated credentials.
StephaneLenclud@436
    14
	///</summary>
StephaneLenclud@436
    15
	///<remarks>
StephaneLenclud@436
    16
	///Note that there's a delicate scenario where the registry key has already been
StephaneLenclud@436
    17
	///changed, but the user has not logged off yet so the token hasn't been filtered.
StephaneLenclud@436
    18
	///In that case, we will think that UAC is on but the user is not an admin (because
StephaneLenclud@436
    19
	///the token is not a split token).
StephaneLenclud@436
    20
	///</remarks>
StephaneLenclud@436
    21
	public ref class UserAccountControl abstract sealed
StephaneLenclud@436
    22
	{
StephaneLenclud@436
    23
	public:
StephaneLenclud@436
    24
		///<summary>
StephaneLenclud@436
    25
		///Returns <b>true</b> if the current user has administrator privileges.
StephaneLenclud@436
    26
		///</summary>
StephaneLenclud@436
    27
		///<remarks>
StephaneLenclud@436
    28
		///If UAC is on, then this property will return <b>true</b> even if the
StephaneLenclud@436
    29
		///current process is not running elevated.  If UAC is off, then this
StephaneLenclud@436
    30
		///property will return <b>true</b> if the user is part of the built-in
StephaneLenclud@436
    31
		///<i>Administrators</i> group.
StephaneLenclud@436
    32
		///</remarks>
StephaneLenclud@436
    33
		static property bool IsUserAdmin
StephaneLenclud@436
    34
        {
StephaneLenclud@436
    35
            bool get();
StephaneLenclud@436
    36
        }
StephaneLenclud@436
    37
StephaneLenclud@436
    38
		///<summary>
StephaneLenclud@436
    39
		///Returns <b>true</b> if User Account Control (UAC) is enabled on
StephaneLenclud@436
    40
		///this machine.
StephaneLenclud@436
    41
		///</summary>
StephaneLenclud@436
    42
		///<remarks>
StephaneLenclud@436
    43
		///This value is obtained by checking the LUA registry key.  It is possible
StephaneLenclud@436
    44
		///that the user has not restarted the machine after enabling/disabling UAC.
StephaneLenclud@436
    45
		///In that case, the value of the registry key does not reflect the true state
StephaneLenclud@436
    46
		///of affairs.  It is possible to devise a custom solution that would provide
StephaneLenclud@436
    47
		///a mechanism for tracking whether a restart occurred since UAC settings were
StephaneLenclud@436
    48
		///changed (using the RunOnce mechanism, temporary files, or volatile registry keys).
StephaneLenclud@436
    49
		///</remarks>
StephaneLenclud@436
    50
		static property bool IsUacEnabled
StephaneLenclud@436
    51
        {
StephaneLenclud@436
    52
            bool get();
StephaneLenclud@436
    53
        }
StephaneLenclud@436
    54
StephaneLenclud@436
    55
		///<summary>
StephaneLenclud@436
    56
		///Returns <b>true</b> if the current process is using UAC virtualization.
StephaneLenclud@436
    57
		///</summary>
StephaneLenclud@436
    58
		///<remarks>
StephaneLenclud@436
    59
		///Under UAC virtualization, file system and registry accesses to specific
StephaneLenclud@436
    60
		///locations performed by an application are redirected to provide backwards-
StephaneLenclud@436
    61
		///compatibility.  64-bit applications or applications that have an associated
StephaneLenclud@436
    62
		///manifest do not enjoy UAC virtualization because they are assumed to be
StephaneLenclud@436
    63
		///compatible with Vista and UAC.
StephaneLenclud@436
    64
		///</remarks>
StephaneLenclud@436
    65
        static property bool IsCurrentProcessVirtualized
StephaneLenclud@436
    66
        {
StephaneLenclud@436
    67
            bool get();
StephaneLenclud@436
    68
        }
StephaneLenclud@436
    69
StephaneLenclud@436
    70
		///<summary>
StephaneLenclud@436
    71
		///Returns <b>true</b> if the current process is elevated, i.e. if the process
StephaneLenclud@436
    72
		///went through an elevation consent phase.
StephaneLenclud@436
    73
		///</summary>
StephaneLenclud@436
    74
		///<remarks>
StephaneLenclud@436
    75
		///This property will return <b>false</b> if UAC is disabled and the process
StephaneLenclud@436
    76
		///is running as admin.  It only determines whether the process went through
StephaneLenclud@436
    77
		///the elevation procedure.
StephaneLenclud@436
    78
		///</remarks>
StephaneLenclud@436
    79
		static property bool IsCurrentProcessElevated
StephaneLenclud@436
    80
        {
StephaneLenclud@436
    81
            bool get();
StephaneLenclud@436
    82
        }
StephaneLenclud@436
    83
StephaneLenclud@436
    84
		///<summary>
StephaneLenclud@436
    85
		///Disables User Account Control by changing the LUA registry key.
StephaneLenclud@436
    86
		///The changes do not have effect until the system is restarted.
StephaneLenclud@436
    87
		///</summary>
StephaneLenclud@436
    88
		static void DisableUac();
StephaneLenclud@436
    89
		
StephaneLenclud@436
    90
		///<summary>
StephaneLenclud@436
    91
		///Disables User Account Control and restarts the system.
StephaneLenclud@436
    92
		///</summary>
StephaneLenclud@436
    93
		static void DisableUacAndRestartWindows();
StephaneLenclud@436
    94
StephaneLenclud@436
    95
		///<summary>
StephaneLenclud@436
    96
		///Enables User Account Control by changing the LUA registry key.
StephaneLenclud@436
    97
		///The changes do not have effect until the system is restarted.
StephaneLenclud@436
    98
		///</summary>
StephaneLenclud@436
    99
		static void EnableUac();
StephaneLenclud@436
   100
StephaneLenclud@436
   101
		///<summary>
StephaneLenclud@436
   102
		///Enables User Account Control and restarts the system.
StephaneLenclud@436
   103
		///</summary>
StephaneLenclud@436
   104
		static void EnableUacAndRestartWindows();
StephaneLenclud@436
   105
StephaneLenclud@436
   106
		///<summary>
StephaneLenclud@436
   107
		///Creates a process under the elevated token, regardless of UAC settings
StephaneLenclud@436
   108
		///or the manifest associated with that process.
StephaneLenclud@436
   109
		///</summary>
StephaneLenclud@436
   110
		///<param name="exePath">The path to the executable file.</param>
StephaneLenclud@436
   111
		///<param name="arguments">The command-line arguments to pass to the process.</param>
StephaneLenclud@436
   112
		///<returns>A <see cref="Process"/> object representing the newly created process.</returns>
StephaneLenclud@436
   113
		static Process^ CreateProcessAsAdmin(System::String^ exePath, System::String^ arguments);
StephaneLenclud@436
   114
StephaneLenclud@436
   115
		///<summary>
StephaneLenclud@436
   116
		///Creates a process under the standard user if the current process is elevated.  The identity
StephaneLenclud@436
   117
		///of the standard user is determined by retrieving the user token of the currently running Explorer
StephaneLenclud@436
   118
		//(shell) process.  If the current process is not elevated, the standard user is used.
StephaneLenclud@436
   119
		///</summary>
StephaneLenclud@436
   120
		///<param name="exePath">The path to the executable file.</param>
StephaneLenclud@436
   121
		///<param name="arguments">The command-line arguments to pass to the process.</param>
StephaneLenclud@436
   122
		///<returns>A <see cref="Process"/> object representing the newly created process.</returns>
StephaneLenclud@436
   123
		static Process^ CreateProcessAsStandardUser(System::String^ exePath, System::String^ arguments);
StephaneLenclud@436
   124
StephaneLenclud@436
   125
	private:
StephaneLenclud@436
   126
		static int GetProcessTokenElevationType();
StephaneLenclud@436
   127
		static void SetUacRegistryValue(bool enable);
StephaneLenclud@436
   128
		static void RestartWindows();
StephaneLenclud@436
   129
StephaneLenclud@436
   130
		static System::String^ UacRegistryKey = "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System";
StephaneLenclud@436
   131
		static System::String^ UacRegistryValue = "EnableLUA";
StephaneLenclud@436
   132
	};
StephaneLenclud@436
   133
}	// end namespace UacHelpers