
Can an application running under a less privileged account start a process executing another application under an administrative account?


I was logged in as the administrator when I installed an application named pdflatex.exe on my server. This application works as a converter from a LaTeX input file to a PDF file.

I host an ASP.NET MVC 3 application running under an Application Pool Identity with Load User Profile = True.

The ASP.NET MVC 3 code contains code that executes pdflatex.exe using a System.Diagnostics.Process instance as follows:

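        // Requires: using System; using System.Diagnostics;
        Process p = new Process();

        // Raise the Exited event when pdflatex.exe terminates.
        p.EnableRaisingEvents = true;
        p.Exited += new EventHandler(p_Exited);

        p.StartInfo.Arguments = "-interaction=nonstopmode " + inputpath;
        p.StartInfo.WorkingDirectory = @"c:\mydomain.com\working";

        // Start the executable directly (no shell); no UserName/Password is set.
        p.StartInfo.UseShellExecute = false;
        p.StartInfo.FileName = "pdflatex.exe";

        p.Start();
        p.WaitForExit();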

From the scenario above,

  • the web application runs under a restricted account but it executes
  • an external application under a default account that I don't know.

Can an application running under a less privileged account start a process executing another application under an administrative account?


Solution

  • No, a lower privilege application cannot start an elevated application without properly asking for UAC elevation (which prompts for an administrative username and password). If you could elevate a spawned app from a lower-access app, it would be a major security gap.
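
One way to check which account the spawned process actually runs under, as an added example (not code from the original question or answer): it starts a child with the same `UseShellExecute = false` settings and compares the parent's identity with what the child reports. The class and method names are hypothetical, and `whoami.exe` is assumed to be on the server's path as a stand-in for pdflatex.exe.

```csharp
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Security.Principal;

public static class ChildIdentityCheck
{
    const int ErrorElevationRequired = 740; // Win32 ERROR_ELEVATION_REQUIRED

    // Account name and administrator-role status of the calling code's token.
    public static string DescribeCurrent()
    {
        using (WindowsIdentity id = WindowsIdentity.GetCurrent())
        {
            bool admin = new WindowsPrincipal(id).IsInRole(WindowsBuiltInRole.Administrator);
            return id.Name + " (administrator role: " + admin + ")";
        }
    }

    // Starts a child the way the question does (UseShellExecute = false, no
    // UserName/Password) and returns what the child prints about itself.
    public static string RunChild(string fileName, string arguments)
    {
        var psi = new ProcessStartInfo(fileName, arguments)
        {
            UseShellExecute = false,
            RedirectStandardOutput = true,
            CreateNoWindow = true
        };
        try
        {
            using (Process p = Process.Start(psi))
            {
                string output = p.StandardOutput.ReadToEnd();
                p.WaitForExit();
                return output.Trim();
            }
        }
        catch (Win32Exception ex) when (ex.NativeErrorCode == ErrorElevationRequired)
        {
            // The executable demands elevation; without a UAC prompt the start is refused.
            return "refused: " + fileName + " requires elevation";
        }
    }

    public static void Main()
    {
        Console.WriteLine("parent: " + DescribeCurrent());
        Console.WriteLine("child:  " + RunChild("whoami.exe", ""));
    }
}
```

In an ASP.NET application, call the two methods from a controller action instead of `Main`. If impersonation is enabled, the parent line reports the impersonated user, while the child still receives the worker process's own token.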