System and methods for exchanging user interface data in a multi-user system

US 7,945,942 B2
Filed: 07/15/2005
Issued: 05/17/2011
Est. Priority Date: 07/15/2005
Status: Active Grant

First Claim

Patent Images

1. In a computer system having an operating system stored in a memory and a processor that processes said operating system, an administrative account having administrator level privileges and at least one user account without administrator level privileges, a method of performing operations on said processor requiring administrator privileges in a user account responsive to a user, comprising:

upon system startup, automatically starting a notification service;

upon a user logging on to the operating system, the notification service creating an interactive user context instance with a session moniker, the user context including a security identifier and a listing of privileges assigned to the user, the session moniker creating a user interface executable corresponding to a specified user session, the user interface executable creating an instance of an out of process thin wrapper for administrator level application program interface calls;

identifying the need to provide administrator level privileges to an application running in a non-administrator privileged mode;

communicating a portion of the operations in the application requiring administrator level privileges;

elevating the portion of the operations of the application running in a non-administrative privileged mode to administrator level privilege level by temporarily associating, during the specified user session, the service security identifier with the user and the portions of the operations to be elevated to administrative privileges, wherein the service security identifier is allocated to the instance of the out of process thin wrapper for administrator level application program interface calls; and

storing the service security identifier in an access control list.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A centralized process is provided for elevating portions of an application running under a user account to administrator privilege. A service security identifier is temporarily associated with the user and the portions of the application to be elevated to administrator privileges. The service security identifier is registered in the access control list to be accessed by the operating system. The centralized process may be used in the activation of software products.

7 Citations

View as Search Results

11 Claims

1. In a computer system having an operating system stored in a memory and a processor that processes said operating system, an administrative account having administrator level privileges and at least one user account without administrator level privileges, a method of performing operations on said processor requiring administrator privileges in a user account responsive to a user, comprising:
- upon system startup, automatically starting a notification service;
  
  upon a user logging on to the operating system, the notification service creating an interactive user context instance with a session moniker, the user context including a security identifier and a listing of privileges assigned to the user, the session moniker creating a user interface executable corresponding to a specified user session, the user interface executable creating an instance of an out of process thin wrapper for administrator level application program interface calls;
  
  identifying the need to provide administrator level privileges to an application running in a non-administrator privileged mode;
  
  communicating a portion of the operations in the application requiring administrator level privileges;
  
  elevating the portion of the operations of the application running in a non-administrative privileged mode to administrator level privilege level by temporarily associating, during the specified user session, the service security identifier with the user and the portions of the operations to be elevated to administrative privileges, wherein the service security identifier is allocated to the instance of the out of process thin wrapper for administrator level application program interface calls; and
  
  storing the service security identifier in an access control list.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1 wherein the step of identifying the need to provide administrator level privileges comprises the steps of scheduling a notification message and notifying the user.
  - 3. The method of claim 2 wherein the step of notifying the user comprises displaying an interactive dialog application.
  - 4. The method of claim 1 further comprising:
    - executing at administrator level privilege the portions of the operations associated with the service security identifier.
  - 5. The method of claim 1 wherein the portion of the operations in the application requiring administrator level privileges comprises an out of process COM object.

6. A system for elevating a portion of the operations of an application running in a non administrative privileged mode to administrator level privilege level comprising:
- a memory; and
  
  a processor that processes instructions for implementing the step of;
  
  automatically starting a notification service upon system startup,wherein, upon a user logging on to the operating system, the notification service creates an interactive user context instance with a session moniker, the user context including a security identifier and a listing of privileges assigned to the user, the session moniker creates a user interface executable corresponding to a specified user session, and the user interface executable creates an instance of an out of process thin wrapper for administrator level application program interface calls;
  
  identifying the need to provide administrator level privileges to an application running in a non-administrator privileged mode;
  
  communicating a portion of the operations in the application requiring administrator level privileges; and
  
  elevating the portion of the operations of the application running in a non administrative privileged mode to administrator level privilege level wherein the service security identifier is temporarily associated, during the specified user session with the user and the portions of the operations to be elevated to administrative privileges and storing the service security identifier in an access control list, and wherein the service security identifier is allocated to the instance of the out of process thin wrapper for administrator level application program interface calls.
- View Dependent Claims (7)
- - 7. The system of claim 6 wherein the portion of the operations in the application requiring administrator level privileges comprises an out of process COM object.

8. A processor implemented method for activating software, said processor programmed to implement the steps of:
- notifying a user of activation status;
  
  upon system startup, automatically starting a notification service;
  
  upon a user logging on to the operating system, the notification service creating an interactive user context instance with a session moniker instance for the user, the user context including a security identifier and a listing of privileges assigned to the user, the session moniker creating a user interface executable program corresponding to a specified user session, the user interface executable creating an instance of an out of process COM object for administrator level application program interface calls;
  
  launching an internet connection wizard;
  
  launching an activation wizard;
  
  launching a binary application for providing administrator level privilege to functions in the activation wizard;
  
  communicating a portion of the functions in the activation wizard requiring administrator level privileges;
  
  elevating the portion of the functions in the activation wizard running in a non-administrative privileged mode to administrator level pprivilege level by temporarily associating, during the specified user session, a service security identifier with the user and the functions to be provided administrative level privileges, the service security identifier including user information, and administrator level privilege assigned to functions in non administrator level applications, wherein the service security identifier is allocated to the instance of the out of process COM object for administrator level application program interface calls; and
  
  updating an access control list with the service security identifier.
- View Dependent Claims (9, 10, 11)
- - 9. The method of claim 8 wherein said step of notifying a user comprises launching an interactive dialog application.
  - 10. The method of claim 8 wherein said step of launching a binary application for providing administrator level privilege to functions in the activation wizard comprises checking the privilege level assigned to the user with the assigned service security identifier.
  - 11. The method of claim 8 wherein the binary application for providing administrator level privilege to functions in the activation wizard comprises an out of process COM object.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Toshev, Kalin, Perlman, Brian S, Girotto, Jay R, Gunyakti, Caglar
Primary Examiner(s)
Moazzami; Nasser
Assistant Examiner(s)
JOHNSON, CARLTON

Application Number

US11/183,196
Publication Number

US 20070016773A1
Time in Patent Office

2,132 Days
Field of Search

None
US Class Current

726/2
CPC Class Codes

G06F 21/6218 to a system of files or obj...

G06F 2221/2141 Access rights, e.g. capabil...

System and methods for exchanging user interface data in a multi-user system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

7 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

System and methods for exchanging user interface data in a multi-user system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

7 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links