Hi all,

I have a command (process) that needs to be run with administrator
privileges. The process itself should be run under the user's regular
account, however. So I'm looking for a way to prompt the user to enter
an admin password to complete the particular command I need to run. It
needs to work on Win2k+.

I assumed this would be very simple, but I'm having a hell of a time
with it. The simplest solution I've been able to find so far involves
a number of APIs:

1. Retrieve the username of an admin account on the system (not even
sure which API to use here yet).
2. Call CredUIPromptForCredentials with that username prefilled to
obtain the user's password.
3. Call LogonUser to retrieve a token for the admin user
4. Call CreateProcessAsUser with the returned token to run the
process.

First of all, I haven't even been able to get the above to work.
CreateProcessAsUser tells me that the client is missing some required
privileges and I haven't yet been able to track down the cause. (Brief
research indicates that CreateProcessWithLogonW might avoid this
error, but I'm doing this in Python, which doesn't currently have a
wrapper for that function.)

Second, it just seems difficult to believe that the process is this
complicated (and that there's no way for me to run an elevated process
without actually receiving the user's password directly). Any ideas?

Thanks!
Mark