By default, if an elevated process creates an out-of-process COM server, that COM server also runs elevated. The Activate as Activator policy runs the COM server with the same identity as the caller. When applied to an elevated caller, it means that client gets an elevated server running with the same identity.
To force the out-of-process COM server to run unelevated, set the RunAs value under the AppID key as follows:
[HKEY_LOCAL_MACHINE\Software\Classes\AppID\{guid}] RunAs="Interactive User"
This causes the server to activate as the currently logged-in user for the session, even if the activator is running elevated.
Be aware that the currently logged-in user may, nevertheless, be elevated if UAC is disabled, so this is not a guaranteed way to get a non-elevated server. Still, if UAC is disabled, then there is no such thing as an unelevated administrator, so the thing you’re asking for doesn’t exist in the first place.
Bonus reading: The RunAs value.
0 comments