An technology of remote injection based on user schemes has been studied. Before using privilege promotion function, users with different privileges have the same running-results about remote injection. After using promotion function, different privileges users get different results by running the same program. This phenomenon has been interpreted and point out that, in order to performance remote injection critical process, restricted user must be promoted as an administrator.