
COM Elevation From Network Service Assembly


I am writing a .NET Plug-in assembly which loads into a pre-existing service which runs with "Network Service" credentials.

The Plug-in needs to carry out some elevated operations for which I need to launch an elevated managed COM server.

I have access to both the Plug-in code as well as the COM Server code.

My requirement is to make the COM Server launch elevated without prompting the user in any manner. The server needs to be launched on demand and terminated after the work is done.

If someone could help me with how this can be achieved, it'll help. Thanks.

If there are any changes required at install time, that can be done.

PS: I found out about the "COM Elevation Moniker" but it appears that it helps in bringing up the UAC elevation dialog which doesn't fit my requirement.


Solution

  • Because you have access to the COM server, I'd recommend installing it as a COM+ application.

    Once it's installed as a COM+ application, you can set the application identity to the account that's needed to perform the operations.

    From there, assuming that the COM component is installed on the same machine as the code you're running, you should be able to access the COM component in .NET the same way, as CoCreateInstance will know that COM+ is intercepting the implementation.
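A sketch of the managed COM+ component suggested in the answer above, added here as an illustration and not code from the original post. The names `ElevatedOps`, `IElevatedWorker`, `ElevatedWorker`, `PluginCallers` and the task name `RotateLogs` are hypothetical; because the application identity is privileged, the example turns on COM+ role checks so only callers placed in that role can reach it.

```csharp
// Added example. All application, type, role and task names are hypothetical.
using System;
using System.EnterpriseServices;
using System.Runtime.InteropServices;

[assembly: ApplicationName("ElevatedOps")]
// Server activation: COM+ hosts the component out of process (dllhost.exe),
// running as the identity configured on the COM+ application.
[assembly: ApplicationActivation(ActivationOption.Server)]
// Enforce access checks at process and component level, and let the server
// identify the caller without being able to act as it.
[assembly: ApplicationAccessControl(true,
    AccessChecksLevel = AccessChecksLevelOption.ApplicationComponent,
    Authentication = AuthenticationOption.Privacy,
    ImpersonationLevel = ImpersonationLevelOption.Identify)]
// Role to which the calling service account is added at install time.
[assembly: SecurityRole("PluginCallers")]

namespace ElevatedOps
{
    [ComVisible(true)]
    public interface IElevatedWorker
    {
        void RunTask(string taskName);
    }

    [ComVisible(true)]
    [ComponentAccessControl(true)]
    [SecurityRole("PluginCallers")]
    public class ElevatedWorker : ServicedComponent, IElevatedWorker
    {
        public void RunTask(string taskName)
        {
            // Defense in depth: fail closed if role checks were switched off
            // in the catalog or the caller is not in the expected role.
            if (!ContextUtil.IsSecurityEnabled ||
                !ContextUtil.IsCallerInRole("PluginCallers"))
                throw new UnauthorizedAccessException("Caller is not authorized.");

            // Expose a fixed set of named operations rather than a general
            // "run this as admin" entry point.
            switch (taskName)
            {
                case "RotateLogs":
                    // ... privileged work goes here ...
                    break;
                default:
                    throw new ArgumentException("Unknown task: " + taskName);
            }
        }
    }
}
```

The assembly must be strong-named and registered with `regsvcs.exe`; the application identity and the membership of the `PluginCallers` role are then set in Component Services at install time.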