Re: NTLM Win2000 and Impersonation

From: Ash (anonymous_at_discussions.microsoft.com)
Date: 10/20/03


Date: Sun, 19 Oct 2003 18:15:15 -0700

Well, this explains the problems I am having. Thanks heaps
for that. But then the question arises, is there a way to
get around this problem? Any suggestions please.

>-----Original Message-----
>look at the docs for SeImpersonatePrivilege
>
>--
>This posting is provided "AS IS" with no warranties, and confers no rights.
>Use of any included script samples are subject to the terms specified at
>http://www.microsoft.com/info/cpyright.htm
>
>
>"Ash" <margya_rahul@hotmail.com> wrote in message
>news:03e301c3969d$cf51eaf0$a101280a@phx.gbl...
>> Hi All,
>>
>> I am using NTLM in Win2000 to impersonate an Administrator
>> on a standalone PC. When I run my software under a user
>> account which is part of Administrator group everything
>> works perfect. However when I run the same software
>> (nothing changed) under a user account which is part of
>> User or Power user group, impersonation does not work.
>>
>> Well, I have been debugging this for some time now. The
>> calls to 'InitializeSecurityContext'
>> and 'AcceptSecurityContext' work fine as 'SEC_E_OK' is
>> returned at the end of these calls. However, when the
>> returned security context is used to retrieve a token
>> using 'OpenThreadToken', the token has an
>> ImpersonationLevel of 'SecurityIdentification'. Under
>> Administrator group account, the token returned has
>> ImpersonationLevel of 'SecurityImpersonation', which is
>> right.
>>
>> Consequently, when I am running the software under User
>> group account, I cannot use the token retrieved to
>> impersonate an Administrator.
>>
>> Ideally, I should be able to impersonate anyone under
>> any account as long as I enter the correct username,
>> password and domain.
>>
>> I would greatly appreciate anyone's help on this. Thanks.
>
>
>.
>
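
A diagnostic sketch for the symptom described in this thread, added here as an example and not code from either poster: it reads the impersonation level of the thread token and checks whether the process token lists SeImpersonatePrivilege. The function names (diagnose, process_holds_impersonate_privilege, thread_token_level) are hypothetical; the Win32 part builds only on Windows and assumes a system where that privilege is defined.

```c
#ifdef _WIN32
#include <windows.h>
#endif

/* Values of SECURITY_IMPERSONATION_LEVEL (winnt.h), repeated so the logic is portable. */
enum { LVL_ANONYMOUS, LVL_IDENTIFICATION, LVL_IMPERSONATION, LVL_DELEGATION };
enum { DIAG_USABLE, DIAG_MISSING_PRIVILEGE, DIAG_OTHER };

/* Hypothetical helper: an identification-level token in a process without
   SeImpersonatePrivilege is consistent with the level having been reduced. */
int diagnose(int level, int holds_priv)
{
    if (level >= LVL_IMPERSONATION)
        return DIAG_USABLE;
    if (level == LVL_IDENTIFICATION && !holds_priv)
        return DIAG_MISSING_PRIVILEGE;
    return DIAG_OTHER;            /* no token, query error, or another cause */
}

#ifdef _WIN32
/* 1 if the process token lists SeImpersonatePrivilege, 0 if not, -1 on error. */
int process_holds_impersonate_privilege(void)
{
    HANDLE tok; LUID luid; DWORD buf[1024], len, i; int held = 0;
    TOKEN_PRIVILEGES *tp = (TOKEN_PRIVILEGES *)buf;
    if (!LookupPrivilegeValueA(NULL, "SeImpersonatePrivilege", &luid)) return -1;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &tok)) return -1;
    if (!GetTokenInformation(tok, TokenPrivileges, buf, sizeof buf, &len)) {
        CloseHandle(tok); return -1;
    }
    for (i = 0; i < tp->PrivilegeCount; i++)
        if (tp->Privileges[i].Luid.LowPart == luid.LowPart &&
            tp->Privileges[i].Luid.HighPart == luid.HighPart) held = 1;
    CloseHandle(tok);
    return held;
}

/* Impersonation level of the current thread's token, or -1 if the thread has
   no token or the query fails. Call it while the thread is impersonating. */
int thread_token_level(void)
{
    HANDLE tok; SECURITY_IMPERSONATION_LEVEL lvl; DWORD len; int r = -1;
    if (!OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, TRUE, &tok)) return -1;
    if (GetTokenInformation(tok, TokenImpersonationLevel, &lvl, sizeof lvl, &len))
        r = (int)lvl;
    CloseHandle(tok);
    return r;
}
#endif
```

On Windows, diagnose(thread_token_level(), process_holds_impersonate_privilege()) combines the two observations into one result.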


