FindFirstFile and Impersonation

From: asmx (asmx_at_hotmail.com)
Date: 10/14/03


Date: 14 Oct 2003 08:14:40 -0700

Hi
I am impersonating a kerberos client. I have been successfully able to
retrieve the client crendentials and impersonate.
I cannot access any network resources, though the user I am
impersonating is a domain user.
Below, I list all the privileges.
What else do I need to do a FindFirstFile(with wild card) on a network
resource.

thx!

----------- begin list of tokens -----------------
  Token source: "Kerberos" (luid = 19912)
  Token owner:
    S-1-5-32-544 "BUILTIN\Administrators" (alias)
  Token user:
    S-1-5-21-1715567821-1965331169-1606980848-1166 "GALAXY\xxxxxx"
(user)
  Token impersonation level:
    Impersonation
  Token type:
    Impersonation
  Token primary group:
    S-1-5-21-1715567821-1965331169-1606980848-513 "GALAXY\Domain
Users" (group)
  Token groups:
    S-1-5-21-1715567821-1965331169-1606980848-513 "GALAXY\Domain
Users" (group)
    S-1-1-0 "Everyone" (well-known group)
    S-1-5-32-544 "BUILTIN\Administrators" (alias)
    S-1-5-32-545 "BUILTIN\Users" (alias)
    S-1-5-2 "NT AUTHORITY\NETWORK" (well-known group)
    S-1-5-11 "NT AUTHORITY\Authenticated Users" (well-known group)
  Token Privileges: (17)
    [0] SeChangeNotifyPrivilege - Bypass traverse checking
    [1] SeSecurityPrivilege - Manage auditing and security log
    [2] SeBackupPrivilege - Back up files and directories
    [3] SeRestorePrivilege - Restore files and directories
    [4] SeSystemtimePrivilege - Change the system time
    [5] SeShutdownPrivilege - Shut down the system
    [6] SeRemoteShutdownPrivilege - Force shutdown from a remote
system
    [7] SeTakeOwnershipPrivilege - Take ownership of files or other
objects
    [8] SeDebugPrivilege - Debug programs
    [9] SeSystemEnvironmentPrivilege - Modify firmware environment
values
    [10] SeSystemProfilePrivilege - Profile system performance
    [11] SeProfileSingleProcessPrivilege - Profile single process
    [12] SeIncreaseBasePriorityPrivilege - Increase scheduling
priority
    [13] SeLoadDriverPrivilege - Load and unload device drivers
    [14] SeCreatePagefilePrivilege - Create a pagefile
    [15] SeIncreaseQuotaPrivilege - Increase quotas
    [16] SeUndockPrivilege - Remove computer from docking station