c - Is there a way for code to run with lower privileges, if Windows UAC is denied

Question

I'm trying to code a simple app in C for windows and I want it to run with elevated privileges. That's working fine, but I would like to make it work, with lower privileges, if the UAC prompt is denied by the user.

This is my manifest file:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> 
  <assemblyIdentity version="1.0.0.0"
     processorArchitecture="X86"
     name="reverse_shell"
     type="win32"/> 
  <description>Description of your application</description> 
  <!-- Identify the application security requirements. -->
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel
          level="highestAvailable"
          uiAccess="false"/>
        </requestedPrivileges>
       </security>
  </trustInfo>
</assembly>

Sorry if I didn't specify it well enough...

I would like that my code works like this: 1.User runs the program 2.UAC shows up to ask for elevate privileges 3.If user answers yes everything fine, if user answers no i would like my code to run with low privileges Thanks for your help

question from:https://stackoverflow.com/questions/65843146/is-there-a-way-for-code-to-run-with-lower-privileges-if-windows-uac-is-denied

Answer 1

By using a manifest, you inform the OS you complete program needs the requested privileges.

What you describe though, is a program with only one code path that actually needs these privileges, and another that does not. In this case, you would be better off programmatically requesting privileges from your program code, instead of through the manifest (which is handled by the OS before starting your actual application).

The problem is this isn't provided (as far as my quick google shows), so an alternative would be to write a wrapper (or keep the logic inside the same application somehow) that starts without permissions, then tries to run the actual program with elevated permissions, and if that fails, runs the actual program without elevated permissions.