Description

The ELEVATE_USER_TOKEN option allows a process to execute with the highest privileges available to it; the UCMD server will execute the process with an elevated user token (that is, one not subject to User Account Control (UAC) restrictions).

Starting with Windows Vista, the Windows User Account Control (UAC) feature allows some privileged operations (for example, a process that takes ownership of a file) to execute only after receiving confirmation to do so. Windows obtains this confirmation when a user responds to a UAC prompt, thereby giving the application permission to proceed. This response elevates the user's access token to a fully-privileged token.

The non-interactive nature of a UCMD Server child processes prevents it from issuing the UAC elevation prompt, so any process that would normally require elevation may fail.

The ELEVATE_USER_TOKEN option solves this problem by instructing UCMD Server to obtain a user's elevated token and use it to execute the child process. This gives the process all privileges available to the user, not just those permitted by UAC.

Usage

Values

option specifies whether or not UCMD Server child processes execute with an elevated user token.

Valid values for option are:

• yes
  Obtain an elevated user token and use it to execute the child process.
• no
  Execute the child process with a default user token. If that is not an elevated user token, some operations subject to UAC restrictions may fail.

Default is no.