Work-in-progress C++ code for launching executables and out-of-process COM servers in a sandboxed low-integrity or AppContainer process on the same machine. There's no need to create any additional user accounts.
Run `RunInSandbox.exe [ac|li|mi|hi] ExePath` to launch the `ExePath` application in an AppContainer, low-integrity, medium-integrity or high-integrity process. This works for `STARTUPINFOEX`-based process creation.
Run `RunInSandbox.exe [ac|li|mi|hi] ProgID [username] [password]` to launch the `ProgID` COM server in an AppContainer, low-integrity, medium-integrity or high-integrity process. The process will also run as a different user if a username and password are provided. Unfortunately, AppContainer isolation doesn't work yet. Also, user impersonation only works for administrator accounts.
Example usage: `RunInSandbox.exe li PowerPoint.Application` starts Microsoft PowerPoint in a low-integrity process connected using COM automation.
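The `li`/`mi` modes above boil down to starting the target with a primary token whose mandatory label has been replaced. The following is an added example written for this page, not RunInSandbox's own code: it takes the restricted-token route (`DuplicateTokenEx`, `SetTokenInformation(TokenIntegrityLevel)`, `CreateProcessAsUser`) rather than the `STARTUPINFOEX` mechanism the project uses, and the function names `integrity_sid_for` and `launch_at_integrity` are this example's own. The `ac` mode is deliberately left out because an AppContainer needs a profile and capability SIDs in addition to the label.

```cpp
// Added example (not RunInSandbox's own code): start an executable with its
// mandatory integrity label lowered, as the "li"/"mi" modes above do.
#include <cstdio>
#include <string>
#ifdef _WIN32
#include <windows.h>
#include <sddl.h>
#endif

// Map the tool's mode letters to the well-known mandatory-label SIDs. "ac"
// (AppContainer) needs a container profile and capabilities, which this example
// does not cover, so it maps to nullptr. Lowering a label always works; raising a
// token to High ("hi") is only possible when the caller is already elevated.
inline const char* integrity_sid_for(const std::string& mode) {
    if (mode == "li") return "S-1-16-4096";   // Low mandatory level
    if (mode == "mi") return "S-1-16-8192";   // Medium mandatory level
    if (mode == "hi") return "S-1-16-12288";  // High mandatory level
    return nullptr;
}

#ifdef _WIN32
// Duplicate the calling process's primary token, replace its mandatory label and
// start exe_path with the copy. Returns the child PID, or 0 on failure.
unsigned long launch_at_integrity(const std::string& exe_path, const char* sid_string) {
    HANDLE self = nullptr, token = nullptr;
    const DWORD access = TOKEN_DUPLICATE | TOKEN_ADJUST_DEFAULT | TOKEN_QUERY | TOKEN_ASSIGN_PRIMARY;
    if (!OpenProcessToken(GetCurrentProcess(), access, &self)) return 0;
    BOOL ok = DuplicateTokenEx(self, 0, nullptr, SecurityImpersonation, TokenPrimary, &token);
    CloseHandle(self);
    if (!ok) return 0;

    PSID sid = nullptr;
    if (!ConvertStringSidToSidA(sid_string, &sid)) { CloseHandle(token); return 0; }
    TOKEN_MANDATORY_LABEL label{};
    label.Label.Attributes = SE_GROUP_INTEGRITY;
    label.Label.Sid = sid;
    ok = SetTokenInformation(token, TokenIntegrityLevel, &label,
                             sizeof(label) + GetLengthSid(sid));
    LocalFree(sid);
    if (!ok) { CloseHandle(token); return 0; }

    STARTUPINFOA si{};
    si.cb = sizeof(si);
    PROCESS_INFORMATION pi{};
    std::string cmdline = exe_path;  // CreateProcess may write to this buffer
    ok = CreateProcessAsUserA(token, nullptr, &cmdline[0], nullptr, nullptr, FALSE,
                              0, nullptr, nullptr, &si, &pi);
    CloseHandle(token);
    if (!ok) return 0;
    CloseHandle(pi.hThread);
    CloseHandle(pi.hProcess);
    return pi.dwProcessId;
}
#endif

int main(int argc, char** argv) {
    if (argc != 3 || integrity_sid_for(argv[1]) == nullptr) {
        std::fprintf(stderr, "usage: %s [li|mi|hi] ExePath\n", argv[0]);
        return 1;
    }
#ifdef _WIN32
    unsigned long pid = launch_at_integrity(argv[2], integrity_sid_for(argv[1]));
    if (pid) std::printf("started pid %lu\n", pid);
    else std::printf("launch failed, error %lu\n", GetLastError());
    return pid ? 0 : 1;
#else
    std::fprintf(stderr, "token manipulation is Windows-only\n");
    return 1;
#endif
}
```

A child started this way inherits the lowered label, so it can only write to objects whose own label is Low or whose DACL grants it access; that is exactly what the confirmed "Low integrity" row in the table below relies on.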
This approach performs client-side user impersonation with `ImpersonateLoggedOnUser` for the current thread. The COM server is then created with `CLSCTX_ENABLE_CLOAKING`, so that the activation is performed with the credentials of the current thread (the impersonation token) rather than those of the process.
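The sequence just described, as an added example rather than the project's code: log the user on, impersonate on the calling thread, then activate the out-of-process server with `CLSCTX_ENABLE_CLOAKING`. The helpers `split_account`, `activation_context`, `ImpersonationScope` and `create_server_as` are this example's own names, the credentials in `main` are placeholders, and the `CoInitializeSecurity` call with `EOAC_DYNAMIC_CLOAKING` is an addition of this example so that calls through the returned proxy also carry the thread identity, not only the activation.

```cpp
// Added example (not RunInSandbox's own code): activate an out-of-process COM
// server while impersonating another user on the calling thread, with cloaking
// enabled so that the activation carries the thread's identity.
#include <cstdio>
#include <string>
#include <utility>
#ifdef _WIN32
#include <windows.h>
#include <objbase.h>
#include <oaidl.h>
#else
// Windows SDK values, repeated here only so the flag selection compiles off-Windows.
enum { CLSCTX_LOCAL_SERVER = 0x4, CLSCTX_ENABLE_CLOAKING = 0x100000 };
#endif

// Split "DOMAIN\user" for LogonUser; "." selects the local account database.
inline std::pair<std::wstring, std::wstring> split_account(const std::wstring& account) {
    size_t sep = account.find(L'\\');
    if (sep == std::wstring::npos) return { L".", account };
    return { account.substr(0, sep), account.substr(sep + 1) };
}

// Out-of-process activation; CLSCTX_ENABLE_CLOAKING only changes anything while
// the calling thread holds an impersonation token.
inline unsigned long activation_context(bool impersonating) {
    unsigned long ctx = CLSCTX_LOCAL_SERVER;
    if (impersonating) ctx |= CLSCTX_ENABLE_CLOAKING;
    return ctx;
}

#ifdef _WIN32
// Log the user on and impersonate on this thread; revert and close on scope exit.
struct ImpersonationScope {
    HANDLE token = nullptr;
    bool active = false;
    ImpersonationScope(const std::wstring& account, const wchar_t* password) {
        auto parts = split_account(account);
        if (LogonUserW(parts.second.c_str(), parts.first.c_str(), password,
                       LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, &token))
            active = ImpersonateLoggedOnUser(token) != FALSE;
    }
    ~ImpersonationScope() {
        if (active) RevertToSelf();
        if (token) CloseHandle(token);
    }
};

// Returns the server's IDispatch (caller releases it) or nullptr. E_ACCESSDENIED
// here means the identity presented was not granted DCOM Local Activation for the class.
IDispatch* create_server_as(const wchar_t* progid, const std::wstring& account, const wchar_t* password) {
    CLSID clsid{};
    if (FAILED(CLSIDFromProgID(progid, &clsid))) return nullptr;
    ImpersonationScope scope(account, password);
    if (!scope.active) return nullptr;
    IDispatch* disp = nullptr;
    HRESULT hr = CoCreateInstance(clsid, nullptr, activation_context(true),
                                  IID_IDispatch, reinterpret_cast<void**>(&disp));
    return SUCCEEDED(hr) ? disp : nullptr;
}

int main() {
    CoInitializeEx(nullptr, COINIT_MULTITHREADED);
    // Dynamic cloaking makes later proxy calls use the thread token as well.
    CoInitializeSecurity(nullptr, -1, nullptr, nullptr, RPC_C_AUTHN_LEVEL_DEFAULT,
                         RPC_C_IMP_LEVEL_IMPERSONATE, nullptr, EOAC_DYNAMIC_CLOAKING, nullptr);
    // Placeholder credentials: replace with a real account before running.
    IDispatch* app = create_server_as(L"PowerPoint.Application", L".\\someuser", L"password");
    std::printf("%s\n", app ? "server activated" : "activation failed");
    if (app) app->Release();
    CoUninitialize();
    return app ? 0 : 1;
}
#else
int main() { std::fprintf(stderr, "COM activation is Windows-only\n"); return 1; }
#endif
```

Keeping the impersonation in an RAII scope matters: if the thread is left impersonating after activation fails, every later call on that thread, including error reporting, runs with the wrong identity.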
| Token impersonation problems | |
|---|---|
| Low integrity | ✅ (confirmed to work) |
| AppContainer | ❌ Process is created but `CoGetClassObject` activation gives `E_ACCESSDENIED` (The machine-default permission settings do not grant Local Activation permission for the COM Server) |
Command-line tool to make a file or path writable by a low-integrity process. Useful for whitelisting specific folders that should not be subject to application sandboxing.
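Making a path writable by a low-integrity process means replacing the object's mandatory label, not its DACL. The following added example (written for this page, not the project's tool) builds the SDDL label string and applies only the label part of the security descriptor with `SetNamedSecurityInfo`; `label_sddl` and `set_path_label` are this example's own names.

```cpp
// Added example (not the project's own code): relabel a file or folder so that a
// low-integrity process may write to it, by replacing its mandatory label.
#include <cstdio>
#include <string>
#ifdef _WIN32
#include <windows.h>
#include <aclapi.h>
#include <sddl.h>
#endif

// Build the SDDL SACL string for a mandatory label. "NW" (no-write-up) is the
// usual policy; OICI inherits the label to children when relabeling a folder.
// Returns an empty string for an unknown level.
inline std::string label_sddl(const std::string& level, bool inherit) {
    const char* sid = level == "li" ? "LW" : level == "mi" ? "ME" : level == "hi" ? "HI" : nullptr;
    if (!sid) return "";
    return std::string("S:(ML;") + (inherit ? "OICI" : "") + ";NW;;;" + sid + ")";
}

#ifdef _WIN32
// Apply the label. Only the label part of the security descriptor is changed;
// owner, group and DACL stay as they were. Returns the Win32 error, 0 on success.
// Lowering the label of an object you own needs no privilege; raising it above the
// caller's own level requires SeRelabelPrivilege.
unsigned long set_path_label(const std::string& path, const std::string& sddl) {
    PSECURITY_DESCRIPTOR sd = nullptr;
    if (!ConvertStringSecurityDescriptorToSecurityDescriptorA(sddl.c_str(), SDDL_REVISION_1, &sd, nullptr))
        return GetLastError();
    BOOL present = FALSE, defaulted = FALSE;
    PACL sacl = nullptr;
    unsigned long err = ERROR_INVALID_SECURITY_DESCR;
    if (GetSecurityDescriptorSacl(sd, &present, &sacl, &defaulted) && present) {
        std::string name = path;  // SetNamedSecurityInfo takes a non-const buffer
        err = SetNamedSecurityInfoA(&name[0], SE_FILE_OBJECT, LABEL_SECURITY_INFORMATION,
                                    nullptr, nullptr, nullptr, sacl);
    }
    LocalFree(sd);
    return err;
}
#endif

int main(int argc, char** argv) {
    if (argc != 2) { std::fprintf(stderr, "usage: %s path\n", argv[0]); return 1; }
#ifdef _WIN32
    DWORD attrs = GetFileAttributesA(argv[1]);
    bool is_dir = attrs != INVALID_FILE_ATTRIBUTES && (attrs & FILE_ATTRIBUTE_DIRECTORY);
    unsigned long err = set_path_label(argv[1], label_sddl("li", is_dir));
    if (err) std::printf("failed, error %lu\n", err);
    else std::printf("%s now carries a Low mandatory label\n", argv[1]);
    return err ? 1 : 0;
#else
    std::fprintf(stderr, "mandatory labels are Windows-only\n");
    return 1;
#endif
}
```

Relabel only the specific folders the sandboxed application must write to: a Low label on a folder also lets any other low-integrity process on the machine write there, which is the trade-off behind the "whitelisting" mentioned above.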
C#/.Net sample code for launching an executable or COM class in an "elevated" process with admin privileges. The same functionality is also included in the RunInSandbox project.
UAC related: