I'm running ShellExecute() with the "runas" verb in order to start a process that needs permission to reboot the computer.
Imagine a scenario where there are two admin accounts - one with shutdown group policy enabled and one with it disabled.
When the main process is started elevated by the admin account that does not have permission to execute a reboot, ShellExecute("runas") will not display a UAC prompt since the main process is already running elevated. This ends up not giving the user the opportunity to input the credentials of the account that has reboot permissions, and so the reboot is unsuccessful.
I guess a very non-elegant way of solving this issue would be to create an entirely new non-elevated process with the sole purpose of running ShellExecute("runas") to display the UAC prompt. However, according to this 2008 blog post on UAC, it's not particularly easy to "start a process non-elevated from the elevated process".
Any ideas?
Using CredUIPromptForWindowsCredentialsW() and CredUnPackAuthenticationBufferW() seems to do the trick. You can find this implementation in this SO question.
However, using
CredUIPromptForWindowsCredentialsW()with theCREDUIWIN_SECURE_PROMPTflag ends up causing the password and domain to be random strings maybe because they are encrypted. Attempting to useCredUnPackAuthenticationBufferW()with theCRED_PACK_PROTECTED_CREDENTIALSflags results in the failure of the function.As this goes out of the scope of this question I will explore this issue in a different one.