Open brunom opened 6 years ago
I implemented the launch-as-unelevated once but ran into problems, as that article predicts. Permissions issues are a risk, as are environment differences. That said, I think that launch-as-elevated might work in most cases, which would make it worthwhile as an option, probably as an on-by-default option even.
How did you implement it the last time?
I think my previous version was similar to (or perhaps a copy of) ShellExecuteFromExplorer.
I use Task Scheduler for that. If you are elevated, you can create a task, configure the new task to run as a limited user, and start the task via schtasks.exe
to run WPA.exe unelevated
It's not hard to run WPA unelevated. However the final result is not always desirable. For instance, if you run UIforETW under a separate admin account then when you launch WPA it will be under a different user which won't have permissions to read the traces.
So, changes to how WPA is launched unelevated aren't really helpful. What is needed is a way to detect whether long unelevated will work or not, and some testing to see how well it works, perhaps with an override setting (although I don't like adding more settings).
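The two points raised in this thread (de-elevating through a scheduled task, and the separate-admin-account case where the launched WPA ends up under a different user) can be combined into one pre-flight check. The PowerShell below is an added sketch, not UIforETW code and not code from any commenter. It uses the ScheduledTasks cmdlets instead of schtasks.exe to avoid command-line quoting of the path, and `$WpaPath` and `$TaskName` are assumed placeholders.

```powershell
# Added example; $WpaPath and $TaskName are assumed placeholders, not UIforETW settings.
param(
    [string]$WpaPath  = 'C:\Path\To\wpa.exe',
    [string]$TaskName = 'LaunchWpaUnelevated'
)

$me = [Security.Principal.WindowsIdentity]::GetCurrent()
$elevated = ([Security.Principal.WindowsPrincipal]$me).IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)

if (-not $elevated) {
    # Already running with a limited token: a plain launch stays unelevated.
    Start-Process -FilePath $WpaPath
    return
}

# Identify the desktop user: the owner of explorer.exe in this logon session.
$session = (Get-Process -Id $PID).SessionId
$shell = Get-CimInstance Win32_Process -Filter "Name='explorer.exe' AND SessionId=$session" |
    Select-Object -First 1
if (-not $shell) {
    Write-Warning 'No desktop shell found in this session; not attempting an unelevated launch.'
    return
}
$shellSid = (Invoke-CimMethod -InputObject $shell -MethodName GetOwnerSid).Sid

# Elevation with a separate admin account: the elevated process and the desktop
# belong to different users, so a de-elevated child would not be this user and
# may not be able to read traces written by this process.
if ($shellSid -ne $me.User.Value) {
    Write-Warning "Elevated as $($me.Name), but the desktop belongs to SID $shellSid; skipping unelevated launch."
    return
}

# Same user on both sides: register an on-demand task that runs with the
# limited token in the interactive session, then start it.
$action    = New-ScheduledTaskAction -Execute $WpaPath
$principal = New-ScheduledTaskPrincipal -UserId $me.Name -LogonType Interactive -RunLevel Limited
$settings  = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries
Register-ScheduledTask -TaskName $TaskName -Action $action -Principal $principal `
    -Settings $settings -Force | Out-Null
Start-ScheduledTask -TaskName $TaskName
```

The task is left registered and overwritten on the next run by `-Force`; since it runs whatever `$WpaPath` points at, that path should not be writable by unprivileged users.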
It's a security risk, as you mention in https://randomascii.wordpress.com/2011/05/27/performance-analyzer-doesnt-process-traces-while-elevated/ Launching an unelevated process from an elevated process is tricky: https://blogs.msdn.microsoft.com/oldnewthing/20131118-00/?p=2643