I am trying to find a way to allow a single process to be launched as an elevated user but prohibit this process from launching any children with it's token--in a way, sort of "sealing" the token. The reasoning behind this is to prevent a user from launching cmd.exe and gaining full access to the system.
I've looked through the process privilege constants and I'm not seeing anything that could be used to implement this functionality.
Aucun commentaire:
Enregistrer un commentaire