This article describes an All-In-One Code Framework sample that is available for download. This code sample demonstrates how to start an application process at a low integrity level in Visual C++, Visual C#, and in Visual Basic .NET.
By default, a child process inherits the integrity level from its parent process. To start a low integrity level process from a medium integrity level process, you have to explicitly start the new process at a low integrity level.
Difficulty level
Low integrity level process can only writes to low integrity level location, such as the %USERPROFILE%\AppData\LocalLow folder or the HKEY_CURRENT_USER\Software\AppDataLow key.
If you try to gain write access to objects at a higher integrity level, you will receive an access denied error even though the user's SID is granted write access in the discretionary access control list (DACL).
By default, child process inherits the integrity level from its parent process. To start a low integrity level process, you must start a new child process with a low integrity level access token by using CreateProcessAsUser function. Please refer to the CreateLowIntegrityProcess function in the sample packages for more information.
NoteFor more information about how to create the sample application and how to deploy the sample application, see the Readme.txt file that is included in the download package.
Tags
By default, a child process inherits the integrity level from its parent process. To start a low integrity level process from a medium integrity level process, you have to explicitly start the new process at a low integrity level.
Difficulty level
Download information
To download this code sample, click the following link:Technical overview
The code sample demonstrates how to start a process at low integrity level. The sample application launches itself at the low integrity level when you click the Launch myself at low integrity level button on the application.Low integrity level process can only writes to low integrity level location, such as the %USERPROFILE%\AppData\LocalLow folder or the HKEY_CURRENT_USER\Software\AppDataLow key.
If you try to gain write access to objects at a higher integrity level, you will receive an access denied error even though the user's SID is granted write access in the discretionary access control list (DACL).
By default, child process inherits the integrity level from its parent process. To start a low integrity level process, you must start a new child process with a low integrity level access token by using CreateProcessAsUser function. Please refer to the CreateLowIntegrityProcess function in the sample packages for more information.
NoteFor more information about how to create the sample application and how to deploy the sample application, see the Readme.txt file that is included in the download package.
Technology category
- Security
Languages
This code sample contains the following programming languages:| Language | Project Name |
| Visual C++ | CppCreateLowIntegrityProcess |
| Visual C# | CSCreateLowIntegrityProcess |
| Visual Basic.NET | VBCreateLowIntegrityProcess |
Prerequisites
- You must run this sample on Windows Vista or newer operating systems.
Tags
- Security, UAC, Integrity Level