Description

The ELEVATE_USER_TOKEN option allows a process to execute with the highest privileges available to it; the UCMD server will execute the process with an elevated user token (that is, one not subject to User Account Control (UAC) restrictions).

Starting with Windows Vista, the Windows User Account Control (UAC) feature allows some privileged operations (for example, a process that takes ownership of a file) to execute only after receiving confirmation to do so. Windows obtains this confirmation when a user responds to a UAC prompt, thereby giving the application permission to proceed. This response elevates the user's access token to a fully-privileged token.

The non-interactive nature of a UCMD Server child processes prevents it from issuing the UAC elevation prompt, so any process that would normally require elevation may fail.

The ELEVATE_USER_TOKEN option solves this problem by instructing UCMD Server to obtain a user's elevated token and use it to execute the child process. This gives the process all privileges available to the user, not just those permitted by UAC.

Note

Setting this option will not provide the user with any additional privileges. It will simply enable all of the privileges that the user already has been granted.

Usage

Method	Syntax	IBM i	UNIX	Windows	z/OS
Configuration File Keyword	elevate_user_token option
Manager Override	elevate_user_token option

Values

option specifies whether or not UCMD Server child processes execute with an elevated user token.

Valid values for option are:

yes
Obtain an elevated user token and use it to execute the child process.
no
Execute the child process with a default user token. If that is not an elevated user token, some operations subject to UAC restrictions may fail.

Note

Some accounts - such as the built-in Administrator account - may already be fully elevated. Processes executed with this account may not need to set this option.

Default is no.

Browser not supported