Re: Refreshing User Access Token Without Logging Off

From: Kirk Ferdmann (kirk_ferdmann_at_nospam.hotmail.com)
Date: 12/20/03


Date: Fri, 19 Dec 2003 18:41:00 -0800


"Umer Mian" <mianNOSPAM@kkl.com> wrote in message
news:ue0l$knxDHA.2076@TK2MSFTNGP10.phx.gbl...
> I want to be able to add a user to the Administrators group and have the
> change take effect without having the user logoff. I know that the user
> access token gets created upon login, but I've also heard that there's a
> way to have it re-created using an API call. I've done a lot of searching, but
> haven't found anything so far.

Theoretically you could use the undocumented NtCreateToken to forge a token and
launch a new process with it. But obviously it will not have any effect on
already running processes. Also I would highly recommend staying away from
this solution as it has so many issues under the surface. Many people
reported trying this road and yet I haven't seen even one successful
implementation.

> Does anyone know which API call you need to make to refresh the user
> access token?

I believe there is none as it contradicts the model.

> Has anyone written a tool or script to do this? The reason you'd want
> to do this is because it would allow you to elevate a user's privileges
> without having the user logoff. I know that runas and 'su.exe' (from the
> resource kit) are the standard privilege-escalation tools, BUT there are
> issues with both.

What kind of issues? I hope you are not referring to the fact that they
require the password, because it's a good thing.

-Kirk
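The point both posters circle around, that an access token is built at logon and is not updated when group membership changes afterwards, can be verified from an ordinary session. The script below is an added example and is not code from either participant in the thread. It assumes Windows PowerShell 5.1 or later with the built-in Microsoft.PowerShell.LocalAccounts module, and it only reads state; it does not change any group membership. Run it once before and once after an administrator adds the logged-on user to the local Administrators group, without logging off in between.

```powershell
# Added example (not from the original thread): demonstrates that a process
# token is a snapshot taken at logon. Group membership granted afterwards does
# not show up in existing tokens; only a new logon produces a token that has it.
# Assumes Windows PowerShell 5.1+ and the LocalAccounts module; read-only.

# Well-known SID for BUILTIN\Administrators.
$adminSid = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-32-544')

# Group SIDs carried in the CURRENT process token (what the OS actually enforces).
$identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$inToken  = $identity.Groups.Contains($adminSid)

# Membership as recorded in the local SAM right now (direct members only;
# membership via a nested domain group would not be matched by this simple check).
$localAdmins = (Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue).Name
$inGroup     = @($localAdmins) -contains $identity.Name

'{0,-38} {1}' -f 'Token issued for:',                 $identity.Name
'{0,-38} {1}' -f 'Administrators SID in this token:', $inToken
'{0,-38} {1}' -f 'Direct member of Administrators:',  $inGroup

if ($inGroup -and -not $inToken) {
    'Membership was granted after logon; this token still carries the old group list.'
    'A fresh logon (runas, a new interactive session) is what yields a token with the group.'
}
elseif (-not $inGroup -and $inToken) {
    'Membership was removed after logon; this token still carries the old group list.'
}
```

Before the change the script reports both values as False; immediately after the change it reports the local group as True and the token as still False, which is exactly why Kirk says there is no "refresh" call and why runas (a new logon, hence a new token) is the supported route. On Windows versions with UAC, run the check from an elevated prompt: a non-elevated process belonging to an administrator gets a filtered token in which the Administrators SID is present only in a deny-only state, which would muddy the comparison.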