Re: CreateProcessAsUser Doubt

From: Joe Richards [MVP] (humorexpress_at_hotmail.com)
Date: 07/01/04


Date: Thu, 01 Jul 2004 16:13:28 -0400

In that case, you don't need privilege and you should probably use
CreateProcessWithLogonW as it is much easier to deal with. My CPAU (located on
free win32 tools page of www.joeware.net) also uses that call.

   joe

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net
Victor Pereira wrote:
> Hi joe, iīm using WinXP
> 
> Thanks,
> 
> VP
> oe Richards [MVP] wrote:
> 
>> 1. What operating system are you working with?
>>
>> 2. You can not add privileges to a userid on the fly, you must add 
>> them, then the ID must log off and log on to get them in their token. 
>> Then they can be enabled for use if needed. I.E. You can not run one 
>> program that sets the privs, then uses them. The user must always have 
>> those privs. This is why I ask what OS you are working with. XP and 
>> 2003 help.
>>
>> -- 
>> Joe Richards Microsoft MVP Windows Server Directory Services
>> www.joeware.net
>>
>>
>>
>> Victor Pereira wrote:
>>
>>> Hi i'm trying to do a RunAs program and i have some doubts:
>>>
>>> 1 - Can i run it without a service ? Just calling :
>>>
>>> LogonUser - to get a user token
>>> DuplicateTokenEx - To duplicate my userīs token and set the 
>>> permissions TOKEN_ADJUST_PRIVILEGIES and TOKEN_QUERY
>>> AdjustTokenPrivilegies - To set SE_TCB_NAME privilegies
>>> CreateProcessAsUser - To run my process as a specifc user.
>>>
>>>
>>> Because iīm receiving an error 1300 (decimail), which means "Not all 
>>> privileges referenced are assigned to the caller".
>>>
>>> 2 - Can i adjust privilegies on an userīs token ? or i just can set 
>>> privilegies on a processīs token ?
>>>
>>>
>>> Thanks in advance,
>>>
>>> Victor Pereira


Relevant Pages

  • Re: CreateProcessWithLogonW error
    ... I would recommend just using LogonUser. ... to write code to turn those privileges on either. ... There is an additional restriction with CreateProcessWithLogonW that you may ... > service) and create a named pipe between the Apache service and this ...
    (microsoft.public.platformsdk.security)
  • Re: Calling CreateProcessAsUser
    ... CreateProcessWithLogonW and CreateProcessWithTokenW require no special ... From what I have been reading, it looks as though only a process running ... If it is not part of the LocalSystem account, ... does it have the necessary privileges to create a process as another user? ...
    (microsoft.public.win32.programmer.kernel)
  • Re: CreateProcessAsUser Doubt
    ... You can not add privileges to a userid on the fly, you must add them, then ... The user must always have those privs. ... Victor Pereira wrote: ... > DuplicateTokenEx - To duplicate my userīs token and set the permissions ...
    (microsoft.public.platformsdk.security)
  • Re: CreateProcessAsUser Doubt
    ... What are you exactly saying when say that you have to log off after put ... > Joe Richards Microsoft MVP Windows Server Directory Services ... > Victor Pereira wrote: ...
    (microsoft.public.platformsdk.security)