Currently I have an application (A.exe) which determines when things need to be done, when such a time arises it launches another application (B.exe) with the appropriate parameters to do the actual work required, some of which could be administrative work (installing MSI, editing registry, etc...).
This all works perfectly fine in an administrative environment - but soon the application will be migrated to a restricted (user) account where the running application (A) does not have the rights to launch application (B) to the necessary work. The solution, have an administrative service (service installed when logged on as admin during software installation), and have this service communicate between (A.exe) and (B.exe)... Let's call the service (C) ...
My goal is therefore as follows:
- (A.exe) tells (C) that something needs to be done (somehow)
- (C) launches an instance of (B.exe) with admin rights (as it is an admin service) and (B.exe) performs the job just like it did before
Now this raises a few questions I was hoping to get some feedback on from people who have encountered similar situations or have advice they could give me so I don't shoot myself in the foot :)
1- My assumption is that I should be using C++ for my admin windows service, because C# requires all the managed DLLs and stuff I didn't want to risk any issues loading anything when running the admin service in a restricted user environment... am I crazy?
2- What would be the best method of communication between (A.exe) and the service (C), I need to take into account the difference in security (admin vs user), would using POST MESSAGES (windows or not) and have (A.exe) "find by name" work, could I get handle to (C) when I am user and it is admin? I would like to not use the registry or a file (like a mailslot) to communicate between them - but I am not sure what the best approach would be.
3- Will this actually work, if (C) launches (B.exe) does that imply that (B.exe) will have the admin rights it needs to perform its tasks?
Any help or hints would be much appreciated - trying to get a good & proper design in place before I start coding ... any ideas or lessons-learned you could provide would be great.
Thanks,
Convert A.exe to a Windows service and forget about C.exe. When you install this A.exe as a service, make sure the installer marks it to use LocalSystem as the account. LocalSystem pretty much as full admin rights on the PC.
Since A.exe is running as SYSTEM, and since A.exe knows what need to be done, just launch B.exe as you do now. B.exe will also run as SYSTEM.
This should work OK as long as B.exe doesn't need to interact with the logged on user on Windows Vista or Windows 7. Under these OS'es all the services run in a different window station and therefore cannot present a visual interface to the logged on user.
Should you write the service in C#? I don't see why not.