I'm buiding a command line tool in Go that has an option to install itself as a service on Windows, which it needs admin rights for. I wanted to be able to have it reliably detect if it was running as admin already and if not, relaunch itself as admin. When the user runs the tool with the specific switch to trigger this functionality (-install or -uninstall in my case) they are prompted by UAC (User Account Control) to run the program as admin, which allows the tool to relaunch itself with the necessary rights.
To detect if I was admin, I tried the method described here first:
https://coolaj86.com/articles/golang-and-windows-and-admins-oh-my/
This wasn't accurately detecting that I was elevated, and was reporting that I was not elevated even when running the tool in CMD prompt started with "Run as Administrator" so I needed a more reliable method.
I didn't want to try writing to an Admin protected area of the filesystem or registry because Windows has the ability to transparently virtualize those writes for standard users, which would have created a false positive.
I found this post on Reddit that recommended attempting to os.Open \\.\PHYSICALDRIVE0 which is not something that is virtualized, and this worked well for my purpose.
https://www.reddit.com/r/golang/comments/53dthc/way_to_detect_if_the_programs_running_with/
To relaunch the tool as Admin with a UAC prompt, I used the ShellExecute function in the golang.org/x/sys/windows package, using the "runas" verb that I learned about from here:
https://www.codeproject.com/Articles/320748/Haephrati-Elevating-during-runtime
The sample Go code is below. Other solutions talk about creating and embedding an application manifest with the requiresAdministrator attribute set, but this method does not require a manifest to be present.
Hello,
Thank you for sharing the code in the first place!
I would like to make a question that might prove to be a potential suggestion for improvement.
After line 36, I would suggest (always with a question-mark) that the following line of code should be executed:
os.Exit(0)
To terminate the current thread that tries to elevate the privileges on the process.
However, according to the usage of the code, the os.Exit(0) can take place after the function call for the NOT elevated process.�
Please let me know your thoughts :)