running "control.exe" with higher rights

Please post your problem description here

Moderator: Barb@Invincea

Post Reply
Unknown_User_605
Posts: 0
Joined: Thu Jan 01, 1970 1:00 am

running "control.exe" with higher rights

Post by Unknown_User_605 » Sat Apr 21, 2007 7:15 pm

Hello,

Running sandboxed programms with higher rights like a simulated "administrator" are here discussed several times.

My Problem is slightly different. For normal working and surfing I'm using a restricted user account with Windows XP.
Sandboxies Control.exe is also running restricted.

1. Windows Installer Service is in this configuration not running, though a lot of Programms can be installed as restricted normal user
:-(

2. Now Terminating Control.exe and starting it with runas with a administrator account: All Forced programs starting ok, but not as administrator, instead as normal user.
Starting other programs by drag&drop to control.exe or with control.exe -> run sandboxed results in an error:
First Popoup "The Sandboxie driver (sbiedrv) is not available to sandbox programs..."
Secound Popup: "SBIE 1223 cannot replace token [C0000022 /44]"

In an older version like Sandboxie version 2.64 point 2 was no problem.

tzuk
Sandboxie Founder
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 5:57 pm

Post by tzuk » Sat Apr 21, 2007 11:05 pm

Windows Installer Service is in this configuration not running, though a lot of Programms can be installed as restricted normal user
The service will go crazy and delete entire trees in the (sandboxed) registry, if it's started by an account other than LocalSystem. Seriously.

For a later version, I can try to do something more meaningful about this. But it'll take a while.
In an older version like Sandboxie version 2.64 point 2 was no problem.
I undertsand, but Sandboxie version 2.64 was doing things in a different way. This is not intentional loss of functionality. A lot of stuff got better with the change to 2.80; this one got a bit worse.

* * *

Anyway, regarding the problem itself:

Either use Administator account,
or use Local Security Policy and grant your limited user one more right:
"Impersonate a client after authentication"
tzuk

Post Reply

Who is online

Users browsing this forum: Bing [Bot] and 3 guests