M2Team/Privexec

"wsudo -u NoElevated" Starts as High Integrity instead of Medium when Admin Approval Mode is Disabled

Syrin10 opened this issue · 2 comments

When running wsudo from a "High Integrity" account where Admin Approval Mode is disabled via policy (e.g. the pre-existing super "Administrator" account falls in this category by default), attempting to launch a program via "wsudo -u NoElevated" (attempting to make it run as Medium Integrity) still results in the process being launched as High Integrity instead, though "wsudo -u MIC" properly launches the program as Low Integrity. Currently I cannot get anything to work simply launching it as Medium Integrity as expected in this scenario. Tested with wsudo 2.5.0.248.

Really hope I didn't just miss something in the documentation... Thanks for this great software along with NSudo!

Wsudo uses WTSQueryUserToken to query non-administrator Tokens. When you close UAC, it returns a high integrity Token (medium when UAC is turned on). Currently I have used SetTokenInformation to set TokenIntegrityLevel, you can try it, but I still don't recommend closing it. UAC prompts or runs the built-in Administrator.

New build seems to work like I had originally expected. I only understand parts of what you said however :-/

I'll keep it open for now, as you suggested, while I do even more testing before wsudo replaces runasil and perhaps nsudo. Thank you for the quick fix!
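
A check for the behaviour reported in this thread, added here as an example (not code from Privexec or from the participants): it reads the mandatory label SID out of `whoami /groups` output captured inside the launched process and compares it with the integrity level the thread expects for each `-u` mode. The function names and the sample output are constructed for illustration.

```python
import re

# Integrity level expected for each wsudo -u mode, as stated in the issue above.
EXPECTED = {"NoElevated": "Medium", "MIC": "Low"}

# Well-known mandatory-label RIDs (S-1-16-<RID>). A token's RID can sit between
# two of them (e.g. 8448), so levels are matched as floors, highest first.
LEVELS = [(0x4000, "System"), (0x3000, "High"), (0x2000, "Medium"),
          (0x1000, "Low"), (0x0000, "Untrusted")]

# Match only a complete S-1-16-<RID> SID, not a fragment of a longer SID.
LABEL_SID = re.compile(r"(?<![\w-])S-1-16-(\d+)(?![\w-])")

# Constructed sample: `whoami /groups` as seen from a process that was started
# with "-u NoElevated" but still received a High integrity token.
SAMPLE_HIGH = """\
Group Name                             Type             SID          Attributes
====================================== ================ ============ ==========
Everyone                               Well-known group S-1-1-0      Mandatory group, Enabled by default, Enabled group
BUILTIN\\Administrators                 Alias            S-1-5-32-544 Mandatory group, Enabled by default, Enabled group, Group owner
Mandatory Label\\High Mandatory Level   Label            S-1-16-12288
"""


def integrity_from_groups(text):
    """Return (rid, level_name) for the single mandatory label in the output."""
    rids = [int(m.group(1)) for m in LABEL_SID.finditer(text)]
    if len(rids) != 1:
        raise ValueError("expected one mandatory label SID, found %d" % len(rids))
    rid = rids[0]
    name = next(level for floor, level in LEVELS if rid >= floor)
    return rid, name


def verify_launch(mode, text):
    """Return (ok, actual_level); ok is False when the level is not the expected one."""
    if mode not in EXPECTED:
        raise KeyError("no expected integrity level recorded for mode %r" % mode)
    _, actual = integrity_from_groups(text)
    return actual == EXPECTED[mode], actual


if __name__ == "__main__":
    ok, level = verify_launch("NoElevated", SAMPLE_HIGH)
    print("NoElevated -> %s integrity: %s" % (level, "ok" if ok else "MISMATCH"))
```

The comparison is made on the SID's RID rather than on the label name, so it does not depend on the display language of the `whoami` output.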