I have a native Windows application which starts another process. Is it possible from the mother process to restrict the rights of the child process? I'm thinking along the lines of a sand box. The exact requirements aren't finished yet, but potentially I would like to restrict:
I guess I could create a user with certain rights and start the process using that user, but that is not really a good solution in this case, as I might potentially end up with a large number of different processes each with their own set of required access rights. Any ideas?
Have a look at Chrome's Windows sandbox architecture.