google / UIforETW

User interface for recording and managing ETW traces
https://randomascii.wordpress.com/2015/04/14/uiforetw-windows-performance-made-easier/
Apache License 2.0

Run WPA unelevated #115

Open brunom opened 6 years ago

brunom commented 6 years ago

It's a security risk, as you mention in https://randomascii.wordpress.com/2011/05/27/performance-analyzer-doesnt-process-traces-while-elevated/ Launching an unelevated process from an elevated process is tricky: https://blogs.msdn.microsoft.com/oldnewthing/20131118-00/?p=2643

randomascii commented 6 years ago

I implemented the launch-as-unelevated once but ran into problems, as that article predicts. Permissions issues are a risk, as are environment differences. That said, I think that launch-as-elevated might work in most cases, which would make it worthwhile as an option, probably as an on-by-default option even.

brunom commented 6 years ago

How did you implement it the last time?

randomascii commented 6 years ago

I think my previous version was similar to (or perhaps a copy of) ShellExecuteFromExplorer.

MagicAndre1981 commented 6 years ago

I use Task scheduler for that. If you are elevated you can create a task, configure the new to run as limited user and start the task via schtasks.exe to run WPA.exe unelevated

randomascii commented 6 years ago

It's not hard to run WPA unelevated. However the final result is not always desirable. For instance, if you run UIforETW under a separate admin account then when you launch WPA it will be under a different user which won't have permissions to read the traces.

So, changes to how WPA is launched unelevated aren't really helpful. What is needed is a way to detect whether long unelevated will work or not, and some testing to see how well it works, perhaps with an override setting (although I don't like adding more settings).
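The two points above, MagicAndre1981's Task Scheduler launch and randomascii's "detect whether it will work first" requirement, fit together in one script. The following is an added example written for this thread, not UIforETW code and not what UIforETW actually does; it uses the ScheduledTasks cmdlets (the same Task Scheduler that schtasks.exe drives), and the task name, the WPA path and the trace path are placeholders. The viability check it implements is the specific case named in the thread: the elevated process running as a different account than the one that owns the interactive desktop.

```powershell
# Added example, not part of UIforETW. Demonstrates: (1) detect whether an unelevated
# launch can work, (2) if so, start WPA via a one-shot scheduled task that runs with the
# desktop user's limited (non-admin) token.

function Test-UnelevatedLaunchViable {
    param([Parameter(Mandatory)][string]$TracePath)

    $id        = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    $elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
    if (-not $elevated) { return $true }   # nothing to demote; a plain Start-Process will do

    # Account that owns the interactive console desktop (DOMAIN\user); $null if nobody is logged on there.
    $desktopUser = (Get-CimInstance -ClassName Win32_ComputerSystem).UserName
    if (-not $desktopUser) {
        Write-Warning "No interactive console user found; an unelevated WPA has no desktop to appear on."
        return $false
    }

    # The case the thread describes: UIforETW started under a separate admin account. A demoted WPA
    # would run as the desktop user, who may have no read access to traces the admin account wrote.
    # (-ne is case-insensitive in PowerShell, which matches how Windows compares account names.)
    if ($desktopUser -ne $id.Name) {
        Write-Warning ("Elevated process runs as '{0}' but the desktop belongs to '{1}'; " +
                       "WPA would open as a different user and may not be able to read '{2}'." -f
                       $id.Name, $desktopUser, $TracePath)
        return $false
    }
    return $true
}

function Start-WpaUnelevated {
    param(
        [Parameter(Mandatory)][string]$WpaExe,
        [Parameter(Mandatory)][string]$TracePath
    )
    if (-not (Test-UnelevatedLaunchViable -TracePath $TracePath)) {
        # Let the caller fall back to an elevated launch instead of starting a WPA that cannot open the trace.
        throw "Unelevated launch is not viable in this session."
    }

    $id        = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        Start-Process -FilePath $WpaExe -ArgumentList ('"{0}"' -f $TracePath)   # already unelevated
        return
    }

    $taskName = 'UIforETW-WPA-unelevated'   # hypothetical task name
    $action   = New-ScheduledTaskAction -Execute $WpaExe -Argument ('"{0}"' -f $TracePath)
    # Interactive logon type + Limited run level = the logged-on user's filtered (non-admin) token,
    # which is exactly what a normal double-click from Explorer would give WPA.
    $taskUser = New-ScheduledTaskPrincipal -UserId $id.Name -LogonType Interactive -RunLevel Limited
    Register-ScheduledTask -TaskName $taskName -Action $action -Principal $taskUser -Force | Out-Null
    try {
        Start-ScheduledTask -TaskName $taskName
        # Wait until the scheduler has actually spawned WPA before removing the one-shot definition.
        $deadline = (Get-Date).AddSeconds(10)
        while ((Get-ScheduledTask -TaskName $taskName).State -ne 'Running' -and (Get-Date) -lt $deadline) {
            Start-Sleep -Milliseconds 200
        }
    } finally {
        Unregister-ScheduledTask -TaskName $taskName -Confirm:$false
    }
}

# Usage (both paths are placeholders):
# Start-WpaUnelevated -WpaExe 'C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\wpa.exe' `
#                     -TracePath 'C:\traces\example.etl'
```

The check is deliberately narrow: it only catches the "different account" case randomascii names, because that is the one the thread establishes as a real failure. It does not evaluate the trace file's ACL for the target user (that needs effective-access evaluation, not a string compare), and Win32_ComputerSystem.UserName only reports the console session, so a Remote Desktop session would need a different lookup. Those gaps are where the "some testing to see how well it works" part of the comment would go.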