One day in the middle of a hot August day I received a letter from Holmes – he urgently asked me to come to Baker Street. When I entered the office, there already sat on the edge of the chair a girl dressed modestly, but with great taste.
“Meet Miss Winsley,” said Holmes, pointing to her. "She will tell her story that should interest you," he added, squinting slightly.
The story of Miss Winsley
The girl began her story, gathering her strength every two or three phrases and never ceasing to nervously pull at her handkerchief. Her father died when she was still a baby, and her mother remarried to a certain Mr. Gates. He was very rich, but the stepdaughter’s special bounty did not fall.
Three years ago, her mother died, and recently this world left her stepfather. Almost all of his fortune he bequeathed to the fund to combat pirated assemblies Windows. The girl owed only a little bit, which, however, she would have been enough for years of comfortable existence. However, whether from harm, or just as a joke, Mr. Gates included in the testament a special point.
To get her share of the inheritance, Miss Winsley had to find a way to start Windows 7 Explorer with administrator rights, without turning off user account control. Moreover, she was given exactly one week to find a solution.
Over the previous six days, the girl lost her legs trying to find a solution. She turned to the most famous detectives, but they all told her that this was impossible.
Miss Winsley sighed heavily and looked up at us, full of pleas: “Gentlemen, you are my last hope!” If until the evening you do not pick up the key to the riddle, I am doomed to a beggarly existence.
Holmes looked at her thoughtfully: “Usually, I avoid doing things that need to be resolved by a certain date. But since all your cards are already bits, I will take up this business. I think Dr. Watson will help me with this.
When the girl left, Holmes slowly lit his pipe and finally turned to me: – Watson, you are shining like the blasts of that bruised “bobby” that is now on the corner. Do you know the solution?
I have always believed that Holmes is not too versed in modern technology – that is why he called me! The computer he used except for reading the crime chronicle, and downloading notes for his violin exercises.
Without saying a word, I opened a laptop that faithfully served me since the Iraq campaign. By running the task manager with full rights, I quickly completed the process.
Not hiding the celebration, I pushed Holmes a laptop with the explorer window open.
Holmes’ long fingers quickly ran over the keyboard, revealing the possibilities of the Windows shell that I had never known before. "And secondly …", – he clicked in the address bar of the explorer, entered cmd, pressed Enter and poked the tube mouthpiece into the header of the command line window. To my shame, there was no “Administrator” written there.
– My friend, I hope you understand that the explorer window was still open with normal rights? – Um … wait a minute Holmes, but this method definitely worked in Windows XP!
I began to wonder why in six days no one could help Miss Winsley. My appearance was probably not too joyful.
What told Process Explorer
Holmes looked at me regretfully through a ring of smoke: – Windows XP … Do you have a Process Explorer? I want to show you one curious thing.
I, like any experienced doctor, always carry Sysinternals tools in my bag.
– Watson, when you launched the explorer in a separate process, the elevation of rights did not occur, and the process has an average level of integrity. But look closer.
– Process Explorer shows that a separate explorer process is running from under the process.
Holmes hovers over the process
I opened the registry editor and ran a search by ID 75dff2b7-6936-4c06-a8bb-676a7b00b24b, which is used in the explorer command line. He brought me to one of the sub-sections of HKEY_CLASSES_ROOT \ CLSID. Based on the name of the default parameter, the subsection was responsible for starting several processes of the explorer simultaneously.
The AppID parameter contained a different identifier, obviously related to the Explorer application. Further search on it in the registry led me to the section
In the default setting, the Elevated-Unelevated Explorer Factory was specified there, which clearly hinted at the connection with the launch of the explorer with full and normal permissions.
– Holmes, the RunAs parameter with the Interactive User value, obviously indicates the type of account to start the process. Perhaps there are other valid values!
I opened the browser, intending to search the Internet, but Holmes suddenly stopped me:
– Just a minute, Watson! Sometimes it is useful to think for yourself, while Google has not weaned you from this worthy occupation. Have you heard of the Component Services snap-in?
Secret Services [components]
Holmes found a snap search in the Start menu (I later learned that you can still run the executable file
“Its main purpose is to configure DCOM objects, and here’s the Elevated-Unelevated Explorer Factory component. This is not a coincidence!
Holmes opened the component properties, and I saw that on the “Identity” tab, I had the choice of an account to start the conductor processes.
“The Interactive User parameter corresponds to the value of the RunAs parameter in the registry,” Holmes explained with an authoritative view.
After seeing other options, I assumed that this parameter restricts the launch of Explorer to current account rights, which even the administrator has are normal.
– It turns out, you need to try to set the "launching user". But why all the options are blocked, Holmes? – It’s elementary, Watson!
Change account type to launch Explorer
Holmes switched to the registry editor.
– Since in the snap-in it is impossible to change the type of account, you do not have rights to make changes to the registry key. This happens if it is owned by the TrustedInstaller system account.
He deftly gained access to the registry key and restarted the snap-in. Miraculously, the properties of the component Elevated-Unelevated Explorer Factory have the opportunity to change the type of account!
Then Holmes returned to the HKEY_CLASSES_ROOT \ AppID \ section and showed me that the RunAs parameter disappeared after a change in the snap-in.
Holms out puffing up his pipe calmly, Holmes returned the original rights and the owner of the registry section to its place, explaining:
– As you can see, changing the type of account to launch Explorer can be done in two ways – in the “Component Services” snap-in and directly in the registry. However, Watson, I do not recommend that you delete the registry value,
He pushed a laptop to me, making it clear that Miss Winsley’s problem had been solved, and added mockingly: “By the way, Watson, now it’s not at all necessary to complete all the processes of the conductor. Just use your undocumented key.
Run explorer with full rights
I opened the command line with full rights and executed
– So, the “Current User” (Interactive User) corresponds to a security token with normal rights, which by default is issued even to the administrator? – Absolutely right, Watson! Recall the story of two tickets to the play. When the command is executed as an administrator, the “Starting User” already corresponds to the administrator security token. Therefore, now the conductor has a high level of integrity, and his rights have fully increased.
I typed cmd in the explorer address bar, and the command line was opened with full rights (PID 2612).
“Can I call Miss Winsley?” “Of course, Watson!” And I think the girl will be pleased if you add an item to the context menu for launching a conductor on behalf of the administrator. This will serve as a vivid explanation for the stewards of Mr. Gates.
Context menu item to launch full-rights explorer
As soon as she crossed the threshold, Miss Winsley exclaimed: “Gentlemen, have you really been able to find a solution in just an hour?” “Allow your netbook, lady. Dr. Watson will show you the solution.
Miss Winsley pulled out a silver VAIO from a bulky handbag and handed it to me. After a couple of minutes, I created an item in the context menu for opening a folder as an administrator.
– Miss Winsley, by selecting this item and agreeing to the UAC request, you will open the explorer folder with full rights. All programs launched from this explorer window will also have administrator rights. Dragging files into programs with any rights will also work.
For the first time in Baker Street, Miss Winsley smiled, and her eyes lit up with happiness. Clutching a netbook to my chest, she showered me with words of gratitude, making me even blush under the ironic look of Holmes.
Already at the doorway Miss Winsley suddenly turned and asked: – Gentlemen, tell me, will this solution work in Windows vNext? There is another item in the will – I have to switch to it on the day RTM is released.
I froze, but Holmes responded instantly: – But the testament does not say that you should run the explorer with full rights in Windows vNext?
The girl shook her head, gave us another smile and disappeared behind the door.
And I could not resist the question: – Where did you get such deep knowledge in Windows, Holmes? – It’s elementary, Watson! I am subscribed to the herald, “Think Outside the Box!”, Through which I regularly replenish my knowledge. Yes, and to understand Windows is still easier than learning how to play the violin!
You can mark fragments of text that are interesting to you, which will be accessible via a unique link in the address bar of the browser.
Vadim is the owner of this blog, and most of the entries here came from his pen. Details about the blog and the author here.
You may also be interested in:
Sign up for free notifications about new entries and get my book about speeding up Windows loading as a gift!