DeleteIpForwardEntry Access Denied on Vista

Calling DeleteIpForwardEntry() works perfectly well on Windows XP and Windows 7. On Windows Vista, however, it fails with ERROR_ACCESS_DENIED.

The documentation says that "the user lacks the required administrative privileges on the local computer or the application is not running in an enhanced shell as the built-in Administrator (RunAs administrator)."

Well, in my case the user is the Administrator on the local computer and the application is run on logon via SOFTWARE\Microsoft\Windows\CurrentVersion\Run so I can't really tell it to run in an "enhanced shell".

Is there a way to solve this "Catch 22" situation in Vista?

There is 1 best solution below

I don't understand why this would work on Windows 7. The docs indicate the failure will be the same.

On Windows Vista and later, the DeleteIpForwardEntry function can only be called by a user logged on as a member of the Administrators group. If DeleteIpForwardEntry is called by a user that is not a member of the Administrators group, the function call will fail and ERROR_ACCESS_DENIED is returned.

Also, your post indicates the logged-on user is an Administrator. Is it possible that your Windows 7 and Windows Vista tests are for different users - on Windows 7 your test user is an admin, on the Windows Vista machine the test user is not?

There's no way to work around this running the app in that way. Can you re-implement this as a Windows Service running in an admin account, which acts on interactive logon events on the machine to manipulate the IP configuration as needed?
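
Added example, not code from the question or the answer: under UAC on Vista and later, a member of the Administrators group normally runs with a filtered token unless the process was started elevated, so checking the token before calling DeleteIpForwardEntry shows which case applies. The `priv_state` enum and the function names are hypothetical, and the non-Windows branch exists only so the decision logic compiles elsewhere.

```c
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>   /* link with advapi32 */
#else
/* Non-Windows build: same values as winnt.h, so the logic below still compiles. */
typedef enum { TokenElevationTypeDefault = 1, TokenElevationTypeFull,
               TokenElevationTypeLimited } TOKEN_ELEVATION_TYPE;
#endif

/* Hypothetical result type for this example. */
typedef enum { PRIV_OK, PRIV_FILTERED_ADMIN, PRIV_STANDARD_USER, PRIV_UNKNOWN } priv_state;

/* Decide whether an admin-only call such as DeleteIpForwardEntry can succeed. */
priv_state classify_token(TOKEN_ELEVATION_TYPE type, int is_elevated)
{
    switch (type) {
    case TokenElevationTypeFull:    return PRIV_OK;             /* elevated admin */
    case TokenElevationTypeLimited: return PRIV_FILTERED_ADMIN; /* admin, UAC-filtered token */
    case TokenElevationTypeDefault: /* no linked token: UAC off or built-in admin, else standard user */
        return is_elevated ? PRIV_OK : PRIV_STANDARD_USER;
    default:                        return PRIV_UNKNOWN;
    }
}

#ifdef _WIN32
/* Read elevation type and elevation flag from the current process token. */
priv_state query_current_process(void)
{
    HANDLE tok;
    TOKEN_ELEVATION_TYPE type;
    TOKEN_ELEVATION elev;
    DWORD len;
    BOOL ok;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &tok)) return PRIV_UNKNOWN;
    ok = GetTokenInformation(tok, TokenElevationType, &type, sizeof type, &len)
      && GetTokenInformation(tok, TokenElevation, &elev, sizeof elev, &len);
    CloseHandle(tok);
    return ok ? classify_token(type, elev.TokenIsElevated != 0) : PRIV_UNKNOWN;
}
#endif

int main(void)
{
#ifdef _WIN32
    priv_state s = query_current_process();
#else
    priv_state s = classify_token(TokenElevationTypeLimited, 0); /* constructed input */
#endif
    printf("privilege state: %d\n", (int)s);
    return s == PRIV_OK ? 0 : 1;  /* non-zero: expect ERROR_ACCESS_DENIED */
}
```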