Yes, child processes inherit the parent process's access token (from UAC Process and Interactions on TechNet):
Each application that requires the administrator access token must prompt the administrator for consent. The one exception is the relationship that exists between parent and child processes. Child processes inherit the user access token from the parent process. Both the parent and child processes, however, must have the same integrity level.
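Some related bonus information:
The runas utility has two poorly documented switches, /showtrustlevels and /trustlevel, which seem to allow you to start (from an elevated process) a new process with the standard user token (rather than the administrative token), without lowering the child process's integrity level: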
runas /trustlevel:0x20000 cmd.exe
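You will notice that the window title contains (running as [username] with restricted privileges), and whoami will show a restricted list of privileges and groups compared with the elevated prompt: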
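One way to make that comparison repeatable, as an added example that is not part of the original answer: run this in both the elevated prompt and the window started by runas /trustlevel, then compare the two results. The function name Get-TokenSummary is hypothetical; it only reads the current process's own token through whoami and .NET.

```powershell
# Added example (not from the original answer): summarize the current process token.
# Get-TokenSummary is a hypothetical helper name.
function Get-TokenSummary {
    # /fo csv /nh with explicit headers avoids depending on localized column names.
    $groups = whoami /groups /fo csv /nh |
        ConvertFrom-Csv -Header Name, Type, SID, Attributes
    $privs = whoami /priv /fo csv /nh |
        ConvertFrom-Csv -Header Name, Description, State

    # The mandatory integrity label is the group entry whose SID starts with S-1-16-.
    $label = $groups | Where-Object { $_.SID -like 'S-1-16-*' } | Select-Object -First 1
    $rid = if ($label) { [int](($label.SID -split '-')[-1]) } else { -1 }
    $level = switch ($rid) {
        4096    { 'Low' }
        8192    { 'Medium' }
        8448    { 'Medium Plus' }
        12288   { 'High' }
        16384   { 'System' }
        default { 'Unknown' }
    }

    # IsInRole returns $false when BUILTIN\Administrators is absent or deny-only,
    # which is what a standard user (filtered) token looks like.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator

    [pscustomobject]@{
        User            = $identity.Name
        IntegrityLevel  = $level
        IntegritySid    = if ($label) { $label.SID } else { $null }
        AdminGroupInUse = $principal.IsInRole($adminRole)
        PrivilegeCount  = @($privs).Count
        Privileges      = @($privs | ForEach-Object { $_.Name }) -join ', '
    }
}

Get-TokenSummary | Format-List
```

IntegrityLevel and PrivilegeCount are the two fields to compare between the windows: the first shows whether the integrity level changed, the second whether the privilege list was reduced.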