Patent attributes
A computer device for managing privilege delegation to control creation of processes thereon is described. Creation of a process, in a user account on a computer device, is requested according to first privileges. An agent, cooperating with an operating system of the computer device, intercepts the request. The agent determines whether to create the process according to second privileges, different from the first privileges and if permitted, cause the process to be created accordingly. The agent hooks a query provided by the operating system to identify whether a user account control service is enabled. The agent enquires of the operating system whether to create the process according to the second privileges whereupon the hooked query is invoked. The agent confirms to the operating system that the user account control service is enabled, such that checks by the operating system are performed as if the operating system were enabled.
