{"id":15823,"date":"2009-12-02T07:00:00","date_gmt":"2009-12-02T07:00:00","guid":{"rendered":"https:\/\/blogs.msdn.microsoft.com\/oldnewthing\/2009\/12\/02\/a-shell-extension-is-a-guest-in-someone-elses-house-dont-go-changing-the-carpet\/"},"modified":"2009-12-02T07:00:00","modified_gmt":"2009-12-02T07:00:00","slug":"a-shell-extension-is-a-guest-in-someone-elses-house-dont-go-changing-the-carpet","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/oldnewthing\/20091202-00\/?p=15823","title":{"rendered":"A shell extension is a guest in someone else&#039;s house; don&#039;t go changing the carpet"},"content":{"rendered":"<p>A customer was running into this problem with a shell extension:<\/p>\n<blockquote class=\"q\"><p> I am writing a shell namespace extension. I need to get data from a COM server, which requires impersonation via <code>CoInitializeSecurity<\/code> with <code>RPC_C_IMP_LEVEL_IMPERSONATE<\/code>. As I am just writing an extension into <code>explorer.exe<\/code>, I am not able to call <code>CoInitialize<\/code>, <code>CoInitializeSecurity<\/code> anymore from my extension. Is there a way I can start <code>explorer.exe<\/code> by setting <code>RPC_C_IMP_LEVEL_IMPERSONATE<\/code> in its COM initialization? I was browsing through the web, and <code>explorer.exe<\/code> seems to take some settings from the registry, but couldn&#8217;t find anything related to this one.  <\/p><\/blockquote>\n<p> First of all, who says that the host process is <code>explorer.exe<\/code>? If I open Notepad, then do a File.Open, and then navigate to your shell extension, boom, your shell extension is now loaded into Notepad, and I doubt you told Notepad that you wanted it to initialize COM in a special way, just for you. Same goes for Quicken, Lotus Notes, all those other programs that use the shell. 
Even if you solved the problem for Explorer, that doesn&#8217;t solve your problem in general.\n Second, <a href=\"http:\/\/blogs.msdn.com\/oldnewthing\/archive\/2005\/06\/07\/426294.aspx\"> what if two shell extensions did this<\/a>? Your shell extension requires <code>RPC_C_IMP_LEVEL_IMPERSONATE<\/code>, but another one requires <code>RPC_C_IMP_LEVEL_DELEGATE<\/code>. Who wins? Or are those shell extensions mutually incompatible? And what about the effect your decision has on the other shell extensions hosted by Explorer? Now they are running with <code>RPC_C_IMP_LEVEL_IMPERSONATE<\/code> even though they didn&#8217;t ask for it. Will that introduce a security vulnerability? Will those other shell extensions stop working or even crash?\n A shell extension is a guest in the host process&#8217;s house. You don&#8217;t go and change the color of the carpet when you are invited over for dinner.<\/p>\n<p> This question is yet another example of <a href=\"http:\/\/blogs.msdn.com\/oldnewthing\/archive\/2008\/12\/11\/9193695.aspx\"> using a global setting to solve a local problem<\/a>. To solve your local problem (<i>I need this specific COM interface to run with impersonation<\/i>), <a href=\"http:\/\/msdn.microsoft.com\/ms686614.aspx\"> use a local solution<\/a>. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>A customer was running into this problem with a shell extension: I am writing a shell namespace extension. I need to get data from a COM server, which requires impersonation via CoInitializeSecurity with RPC_C_IMP_LEVEL_IMPERSONATE. As I am just writing an extension into explorer.exe, I am not able to call CoInitialize, CoInitializeSecurity anymore from my extension. 
[&hellip;]<\/p>\n","protected":false},"author":1069,"featured_media":111744,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[25],"class_list":["post-15823","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-oldnewthing","tag-code"],"acf":[],"blog_post_summary":"<p>A customer was running into this problem with a shell extension: I am writing a shell namespace extension. I need to get data from a COM server, which requires impersonation via CoInitializeSecurity with RPC_C_IMP_LEVEL_IMPERSONATE. As I am just writing an extension into explorer.exe, I am not able to call CoInitialize, CoInitializeSecurity anymore from my extension. [&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/15823","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/users\/1069"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/comments?post=15823"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/15823\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media\/111744"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media?parent=15823"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/categories?post=15823"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/
wp-json\/wp\/v2\/tags?post=15823"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}