Search code examples
windowswinapiuaclocal-security-authority

Impersonate a thread with user's filtered token


I'm writing an app that is a sort of a custom corporate setup. This app does a lot of tasks, some of them requires elevation.

I included a manifest so that when the app start the UAC ask user for elevation.

One of these task is mapping some network drives (with WNetAddConnection) to a remote server. These mapping should be persistent. So far so good, except that when the app close, the user can't see the drives the app just mapped.

After some research (https://serverfault.com/a/185885/147818), I understand that when the user logs in, it's session receive 2 tokens, one with low privileges, the other with full privileges, the one that is used to run process when elevation is required.

My question : Is that possible that my app launch a thread that gets the current user filtered token in way a that when the app's tasks are finished, the user can see the network drives in the explorer ?

Is that possible to impersonate the thread with this token ?

I'm aware of these possible workaround :

  • Redesigning the app so that only some specific tasks that do requires elevation would be encapsulated in a COM object.
  • Tweaking the registry with the EnableLinkedConnections setting (requires a user's session restart)

but for some reasons, none of these solutions is an option.

Any help would be greatly appreciated


Solution

  • We encountered the same problem when mapping drives from our elevated installer.

    The way we handled this is that we first map the drives from the installer which is of course running in the elevated UAC state. The last thing the installer does is creates a text file that lists the drive letters and their mapped network drives. Then we run a second program non-elevated that does the mapping for the user. These mappings are persistent.

    This has worked for us over thousands of installs world-wide on customers' machines.