SaferCreateLevel SAFER_LEVELID_UNTRUSTED: The application was unable to start correctly (0xc0000142)

i'm trying to launch a process (any process) as "untrusted" using the SaferCreateLevel with the SAFER_LEVELID_UNTRUSTED safer level:

Allows programs to execute with access only to resources granted to open well-known groups, blocking access to Administrator and Power User privileges and personally granted rights.

Using the code from Michael Howards DropMyRights MDSN article (Browsing the Web and Reading E-mail Safely as an Administrator) the pseudo-code is:

//get a handler on a Safer level
hSaferLevel = SaferCreateLevel(SAFER_SCOPEID_USER, SAFER_LEVELID_UNTRUSTED);

//Create a security token out of the safer level handle
hSecurityToken = SaferComputeTokenFromLevel(hSaferLevel);

//Create process as user
CreateProcessAsUser(hSecurityToken, "myapp.exe");

Except that the process fails to launch:

The application was unable to start correctly (0xc0000142).

What's going on here?

Note: Launching a process at the SAFER_LEVELID_NORMALUSER works fine:

Allows programs to execute as a user that does not have Administrator or Power User user rights. Software can access resources accessible by normal users.

Although since everyone already runs as a "Normal User" these days, there's little value in it.

My application is able to handle running as a "low" user.

The end goal was to run the process with the same privelages as a MandatoryIntegrity\Low process would get (although not tagged as "low"). So i tested that.

i used icacls to mark my application to run Mandatory Integrity Level\Low:

C:\Develop>icacls RTMS.exe /setintegritylevel Low
processed file: RTMS.exe
Successfully processed 1 files; Failed processing 0 files

And my application launches correctly, and is running at the low integrity level:

While i might be able to use the AddMandatoryAce API, or fiddle with the ACLs in the security token myself, i'm curious what's up with an UNTRUSTED Safer level - and why i can't get anything to launch.

Note: On Windows 7 if you mark calc or notepad as /setintegritylevel low they will fail to launch (no error, just never appear), even though this MSDN article talks about using calc as a test of low integrity level:

0xc0000142 = STATUS_DLL_INIT_FAILED

Maybe Process Monitor will give you some clues?

UNTRUSTED is probably too restriced for most things. You can't access your own profile, e.g.:

• HKEY_CURRENT_USER
• %temp%

Did you try CONSTRAINED?

Another alternative is to use CreateRestrictedToken and compute a token that is just restrictive enough.

I'm guessing that MS sort of forgot about the Safer*Level functions in NT6 and we got UAC instead. (The RunAs GUI dialog on XP had the protect my computer option, but that dialog box is now gone (Even in XP, it was too restrictive for most things))