RE: LogonUser Error -1314 on Window2000

From: Chris Moore (cmoore_at_online.microsoft.com)
Date: 03/13/04

  • Next message: Paul Glavich [MVP - ASP.NET]: "Re: To Be or To Impersonate, that is the Question" 
    Date: Sat, 13 Mar 2004 01:56:51 GMT

    Is this Win2000 SP4? If so, have you tried to grant the "impersonate a
    user" (or something similar) privilege to the ASP.NET account? This was a
    change in SP4 vs. SP3, and it looks like the KB article that you referenced
    was released pre-SP4 (Jan 2003).

    HTH,
    Chris
    --------------------
    >Thread-Topic: LogonUser Error -1314 on Window2000
    >thread-index: AcQIRD2RfUhqJp4zSzqwQ4FdinPUOw==
    >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
    >From: "=?Utf-8?B?TGlzYQ==?=" <anonymous@discussions.microsoft.com>
    >Subject: LogonUser Error -1314 on Window2000
    >Date: Fri, 12 Mar 2004 07:11:05 -0800
    >Lines: 8
    >Message-ID: <8DED20DB-1F32-4681-9790-46326D8FD424@microsoft.com>
    >MIME-Version: 1.0
    >Content-Type: text/plain;
    > charset="Utf-8"
    >Content-Transfer-Encoding: 7bit
    >X-Newsreader: Microsoft CDO for Windows 2000
    >Content-Class: urn:content-classes:message
    >Importance: normal
    >Priority: normal
    >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
    >Newsgroups: microsoft.public.dotnet.framework.aspnet.security
    >Path: cpmsftngxa06.phx.gbl
    >Xref: cpmsftngxa06.phx.gbl
    microsoft.public.dotnet.framework.aspnet.security:9143
    >NNTP-Posting-Host: tk2msftcmty1.phx.gbl 10.40.1.180
    >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
    >
    >I am trying to use LogonUser function in one of our web services. I used
    the sample codes listed in
    http://support.microsoft.com/default.aspx?scid=kb;EN-US;q306158

    I also granted the "Act as part of the operating system" privilege to the
    ASPNET account. But I get 1314- ERROR_PRIVILEGE_NOT_HELD. Do I miss
    anything?
    ( By the way, the same codes works on WindowXP, but not on Window2000. )

    Regards,

    Lisa
    >

  • Next message: Paul Glavich [MVP - ASP.NET]: "Re: To Be or To Impersonate, that is the Question"

    Relevant Pages

    • ASP and LogonUser
      ... because LocalSystem has that privilege. ... RevertToSelf doesn't work because by default, the IWAM account doesn't ... since even out-of-process apps impersonate the IUSR ... IWAM privilege get the impersonation token for IUSR? ...
      (microsoft.public.inetserver.iis.security)
    • Re: Win2000 Impersonation weirdness? (or is it a conundrum?)
      ... Is the server joined to a domain? ... priveleges to impersonate in a domain. ... The privilege need not be ... > default as an unprivileged account ...
      (microsoft.public.security)
    • Re: Win2000 Impersonation weirdness? (or is it a conundrum?)
      ... Is the server joined to a domain? ... priveleges to impersonate in a domain. ... The privilege need not be ... > default as an unprivileged account ...
      (microsoft.public.win2000.security)
    • Re: CreateProcessAsUser error "the client does not have the required priviledges"
      ... > After you grant a certain privilege to an account, you need to log off and ... i run the program to do the Impersonate? ...
      (microsoft.public.platformsdk.security)
    • Re: ASP.NET Impersonation / delegation
      ... If your security guys will not even allow delegation, ... Bruce - I think this is a major right to grant to the ASPNet account. ... I have included a description on SE_TCB_NAME privilege from one of the MS ...
      (microsoft.public.dotnet.framework.aspnet)