running "control.exe" with higher rights

[Unknown_User_605]

Hello,

Running sandboxed programms with higher rights like a simulated "administrator" are here discussed several times.

My Problem is slightly different. For normal working and surfing I'm using a restricted user account with Windows XP.
Sandboxies Control.exe is also running restricted.

1. Windows Installer Service is in this configuration not running, though a lot of Programms can be installed as restricted normal user


2. Now Terminating Control.exe and starting it with runas with a administrator account: All Forced programs starting ok, but not as administrator, instead as normal user.
Starting other programs by drag&drop to control.exe or with control.exe -> run sandboxed results in an error:
First Popoup "The Sandboxie driver (sbiedrv) is not available to sandbox programs..."
Secound Popup: "SBIE 1223 cannot replace token [C0000022 /44]"

In an older version like Sandboxie version 2.64 point 2 was no problem.

[tzuk]

Windows Installer Service is in this configuration not running, though a lot of Programms can be installed as restricted normal user

The service will go crazy and delete entire trees in the (sandboxed) registry, if it's started by an account other than LocalSystem. Seriously.

For a later version, I can try to do something more meaningful about this. But it'll take a while.

In an older version like Sandboxie version 2.64 point 2 was no problem.

I undertsand, but Sandboxie version 2.64 was doing things in a different way. This is not intentional loss of functionality. A lot of stuff got better with the change to 2.80; this one got a bit worse.

* * *

Anyway, regarding the problem itself:

Either use Administator account,
or use Local Security Policy and grant your limited user one more right:
"Impersonate a client after authentication"