{"id":99655,"date":"2018-09-05T07:00:00","date_gmt":"2018-09-05T21:00:00","guid":{"rendered":"https:\/\/blogs.msdn.microsoft.com\/oldnewthing\/?p=99655"},"modified":"2019-03-13T00:29:31","modified_gmt":"2019-03-13T07:29:31","slug":"20180905-00","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/oldnewthing\/20180905-00\/?p=99655","title":{"rendered":"How do I request that my out-of-process COM server run unelevated?"},"content":{"rendered":"<p>By default, if an elevated process creates an out-of-process COM server, that COM server also runs elevated. The <a HREF=\"https:\/\/blogs.msdn.microsoft.com\/larryosterman\/2005\/10\/18\/activate-as-activator-activates-as-activator\/\"><i>Activate as Activator<\/i> policy<\/a> runs the COM server with the same identity as the caller. When applied to an elevated caller, it means that client gets an elevated server running with the same identity.  <\/p>\n<p>To force the out-of-process COM server to run unelevated, set the <b>RunAs<\/b> value under the <b>AppID<\/b> key as follows:  <\/p>\n<pre>\n[HKEY_LOCAL_MACHINE\\Software\\Classes\\AppID\\{guid}]\n  RunAs=\"Interactive User\"\n<\/pre>\n<p>This causes the server to activate as the currently logged-in user for the session, even if the activator is running elevated.  <\/p>\n<p>Be aware that the currently logged-in user may, nevertheless, be elevated if UAC is disabled, so this is not a guaranteed way to get a non-elevated server. Still, if UAC is disabled, then there is no such thing as an unelevated administrator, so the thing you&#8217;re asking for doesn&#8217;t exist in the first place. <\/p>\n<p><b>Bonus reading<\/b>: <a HREF=\"https:\/\/docs.microsoft.com\/en-us\/windows\/desktop\/com\/runas\">The <b>RunAs<\/b> value<\/a>. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>Back to the interactive user.<\/p>\n","protected":false},"author":1069,"featured_media":111744,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[25],"class_list":["post-99655","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-oldnewthing","tag-code"],"acf":[],"blog_post_summary":"<p>Back to the interactive user.<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/99655","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/users\/1069"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/comments?post=99655"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/99655\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media\/111744"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media?parent=99655"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/categories?post=99655"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/tags?post=99655"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}