Re: CreateProcessAsUser Doubt

• Previous message: Victor Pereira: "Re: CreateProcessAsUser Doubt"
• In reply to: Victor Pereira: "Re: CreateProcessAsUser Doubt"
• Next in thread: Victor Pereira: "Re: CreateProcessAsUser Doubt"
• Reply: Victor Pereira: "Re: CreateProcessAsUser Doubt"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 01 Jul 2004 18:15:51 -0400

This is why I asked what OS you are using and you responded XP.

If that is the case, then you have to make sure that the userid who will fire
the app has the SE_TCB_NAME priv before they log on and run your app (i.e you
can't do that on the fly). No other way than to set up a service that proxies
the calls like runas and SU (from reskit) does it.

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net
Victor Pereira wrote:
> Joe CreateProcessWithLogonW() is supported just by windows xp,2000 and 
> 2003.Living in a third world, i  must support winnt 4 :-(
> 
> Thanks,
> 
> VP
> 
> Joe Richards [MVP] wrote:
> 
>> In that case, you don't need privilege and you should probably use 
>> CreateProcessWithLogonW as it is much easier to deal with. My CPAU 
>> (located on free win32 tools page of www.joeware.net) also uses that 
>> call.
>>
>>   joe
>>
>>
>>
>> -- 
>> Joe Richards Microsoft MVP Windows Server Directory Services
>> www.joeware.net
>>
>>
>>
>> Victor Pereira wrote:
>>
>>> Hi joe, iīm using WinXP
>>>
>>> Thanks,
>>>
>>> VP
>>> oe Richards [MVP] wrote:
>>>
>>>> 1. What operating system are you working with?
>>>>
>>>> 2. You can not add privileges to a userid on the fly, you must add 
>>>> them, then the ID must log off and log on to get them in their 
>>>> token. Then they can be enabled for use if needed. I.E. You can not 
>>>> run one program that sets the privs, then uses them. The user must 
>>>> always have those privs. This is why I ask what OS you are working 
>>>> with. XP and 2003 help.
>>>>
>>>> -- 
>>>> Joe Richards Microsoft MVP Windows Server Directory Services
>>>> www.joeware.net
>>>>
>>>>
>>>>
>>>> Victor Pereira wrote:
>>>>
>>>>> Hi i'm trying to do a RunAs program and i have some doubts:
>>>>>
>>>>> 1 - Can i run it without a service ? Just calling :
>>>>>
>>>>> LogonUser - to get a user token
>>>>> DuplicateTokenEx - To duplicate my userīs token and set the 
>>>>> permissions TOKEN_ADJUST_PRIVILEGIES and TOKEN_QUERY
>>>>> AdjustTokenPrivilegies - To set SE_TCB_NAME privilegies
>>>>> CreateProcessAsUser - To run my process as a specifc user.
>>>>>
>>>>>
>>>>> Because iīm receiving an error 1300 (decimail), which means "Not 
>>>>> all privileges referenced are assigned to the caller".
>>>>>
>>>>> 2 - Can i adjust privilegies on an userīs token ? or i just can set 
>>>>> privilegies on a processīs token ?
>>>>>
>>>>>
>>>>> Thanks in advance,
>>>>>
>>>>> Victor Pereira

• Previous message: Victor Pereira: "Re: CreateProcessAsUser Doubt"
• In reply to: Victor Pereira: "Re: CreateProcessAsUser Doubt"
• Next in thread: Victor Pereira: "Re: CreateProcessAsUser Doubt"
• Reply: Victor Pereira: "Re: CreateProcessAsUser Doubt"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]