Re: Impersonating when creating a process from inside a SQL Server Assembly

Don't know much about security, but just a thought if you are
experiencing failures for many examples that should have worked...

If you are using Active Directory, do you have Kerbros security turned
on (it is shipped off by default)? Will turning it on make a
difference as to whether the primary or the impersonation token is
passed? I understand Kerbros will allow an impersonation token to make
multiple hops while windows security does not.



Relevant Pages

  • Re: Grant Administrative Access to a Domain Controller
    ... Anyone with a good understanding of AD and Windows security will easily see ways of compromising the environment. ... Do not give enhanced rights to Domain Controllers to anyone you don't trust with Domain and/or Enterprise Admins. ... Just know that minimal access can be parlayed into even more access and try as you might, you cannot secure Active Directory from people with server operator or admin or several other levels of access rights on a DC. ...
  • Re: Grant Administrative Access to a Domain Controller
    ... MPerrault suggested security, you said "IT CAN BE DONE WITHOUT ANY FANCY ... Joe Richards Microsoft MVP Windows Server Directory Services ... Author of O'Reilly Active Directory Third Edition ... Controller Security Policy are also options to log on as a service, ...
  • [NT] Active Directory Stack Overflow
    ... Beyond Security in Canada ... Active Directory, which is an essential component of the Windows 2000 ... A vulnerability in Active Directory allows an attacker to crash and force ... The vulnerability can be triggered when an LDAP version 3 search request ...
  • RE: LDAP + Active Directory
    ... Subject: LDAP + Active Directory ... current article series on Sfocus (An Audit of Active Directory Security)... ... that security in AD can get ... For more information on SecurityFocus' SIA service which ...
  • RE: Read only Admin privileges for Active Directory environment?
    ... the Security log as well, ... 'Read only' Admin privileges for Active Directory environment? ... Our InfoSec team has requested Domain Admin privileges ... Our program offers unparalleled Infosec management ...