System and methods for exchanging user interface data in a multi-user system
First Claim
1. In a computer system having an operating system stored in a memory and a processor that processes said operating system, an administrative account having administrator level privileges and at least one user account without administrator level privileges, a method of performing operations on said processor requiring administrator privileges in a user account responsive to a user, comprising:
- upon system startup, automatically starting a notification service;
upon a user logging on to the operating system, the notification service creating an interactive user context instance with a session moniker, the user context including a security identifier and a listing of privileges assigned to the user, the session moniker creating a user interface executable corresponding to a specified user session, the user interface executable creating an instance of an out of process thin wrapper for administrator level application program interface calls;
identifying the need to provide administrator level privileges to an application running in a non-administrator privileged mode;
communicating a portion of the operations in the application requiring administrator level privileges;
elevating the portion of the operations of the application running in a non-administrative privileged mode to administrator level privilege level by temporarily associating, during the specified user session, the service security identifier with the user and the portions of the operations to be elevated to administrative privileges, wherein the service security identifier is allocated to the instance of the out of process thin wrapper for administrator level application program interface calls; and
storing the service security identifier in an access control list.
2 Assignments
0 Petitions
Accused Products
Abstract
A centralized process is provided for elevating portions of an application running under a user account to administrator privilege. A service security identifier is temporarily associated with the user and the portions of the application to be elevated to administrator privileges. The service security identifier is registered in the access control list to be accessed by the operating system. The centralized process may be used in the activation of software products.
7 Citations
11 Claims
-
1. In a computer system having an operating system stored in a memory and a processor that processes said operating system, an administrative account having administrator level privileges and at least one user account without administrator level privileges, a method of performing operations on said processor requiring administrator privileges in a user account responsive to a user, comprising:
-
upon system startup, automatically starting a notification service; upon a user logging on to the operating system, the notification service creating an interactive user context instance with a session moniker, the user context including a security identifier and a listing of privileges assigned to the user, the session moniker creating a user interface executable corresponding to a specified user session, the user interface executable creating an instance of an out of process thin wrapper for administrator level application program interface calls; identifying the need to provide administrator level privileges to an application running in a non-administrator privileged mode; communicating a portion of the operations in the application requiring administrator level privileges; elevating the portion of the operations of the application running in a non-administrative privileged mode to administrator level privilege level by temporarily associating, during the specified user session, the service security identifier with the user and the portions of the operations to be elevated to administrative privileges, wherein the service security identifier is allocated to the instance of the out of process thin wrapper for administrator level application program interface calls; and storing the service security identifier in an access control list. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A system for elevating a portion of the operations of an application running in a non administrative privileged mode to administrator level privilege level comprising:
-
a memory; and a processor that processes instructions for implementing the step of; automatically starting a notification service upon system startup, wherein, upon a user logging on to the operating system, the notification service creates an interactive user context instance with a session moniker, the user context including a security identifier and a listing of privileges assigned to the user, the session moniker creates a user interface executable corresponding to a specified user session, and the user interface executable creates an instance of an out of process thin wrapper for administrator level application program interface calls; identifying the need to provide administrator level privileges to an application running in a non-administrator privileged mode; communicating a portion of the operations in the application requiring administrator level privileges; and elevating the portion of the operations of the application running in a non administrative privileged mode to administrator level privilege level wherein the service security identifier is temporarily associated, during the specified user session with the user and the portions of the operations to be elevated to administrative privileges and storing the service security identifier in an access control list, and wherein the service security identifier is allocated to the instance of the out of process thin wrapper for administrator level application program interface calls. - View Dependent Claims (7)
-
-
8. A processor implemented method for activating software, said processor programmed to implement the steps of:
-
notifying a user of activation status; upon system startup, automatically starting a notification service; upon a user logging on to the operating system, the notification service creating an interactive user context instance with a session moniker instance for the user, the user context including a security identifier and a listing of privileges assigned to the user, the session moniker creating a user interface executable program corresponding to a specified user session, the user interface executable creating an instance of an out of process COM object for administrator level application program interface calls; launching an internet connection wizard; launching an activation wizard; launching a binary application for providing administrator level privilege to functions in the activation wizard; communicating a portion of the functions in the activation wizard requiring administrator level privileges; elevating the portion of the functions in the activation wizard running in a non-administrative privileged mode to administrator level pprivilege level by temporarily associating, during the specified user session, a service security identifier with the user and the functions to be provided administrative level privileges, the service security identifier including user information, and administrator level privilege assigned to functions in non administrator level applications, wherein the service security identifier is allocated to the instance of the out of process COM object for administrator level application program interface calls; and updating an access control list with the service security identifier. - View Dependent Claims (9, 10, 11)
-
Specification