Re: CreateProcessAsUser Doubt

From: Joe Richards [MVP] (humorexpress_at_hotmail.com)
Date: 07/03/04


Date: Fri, 02 Jul 2004 21:54:29 -0400

Did you set it on the domain or on the PC itself?

Did the user logoff and logon after getting the priv?

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net
Victor Pereira wrote:
> Mmm.. stange, because my user has the SE_TCB_NAME priv, and itīs not 
> working :-(
> 
> Anyway, thanks for your help!
> 
> VP
> Joe Richards [MVP] wrote:
> 
>> This is why I asked what OS you are using and you responded XP.
>>
>> If that is the case, then you have to make sure that the userid who 
>> will fire the app has the SE_TCB_NAME priv before they log on and run 
>> your app (i.e you can't do that on the fly). No other way than to set 
>> up a service that proxies the calls like runas and SU (from reskit) 
>> does it.
>>
>> -- 
>> Joe Richards Microsoft MVP Windows Server Directory Services
>> www.joeware.net
>>
>>
>>
>> Victor Pereira wrote:
>>
>>> Joe CreateProcessWithLogonW() is supported just by windows xp,2000 
>>> and 2003.Living in a third world, i  must support winnt 4 :-(
>>>
>>> Thanks,
>>>
>>> VP
>>>
>>> Joe Richards [MVP] wrote:
>>>
>>>> In that case, you don't need privilege and you should probably use 
>>>> CreateProcessWithLogonW as it is much easier to deal with. My CPAU 
>>>> (located on free win32 tools page of www.joeware.net) also uses that 
>>>> call.
>>>>
>>>>   joe
>>>>
>>>>
>>>>
>>>> -- 
>>>> Joe Richards Microsoft MVP Windows Server Directory Services
>>>> www.joeware.net
>>>>
>>>>
>>>>
>>>> Victor Pereira wrote:
>>>>
>>>>> Hi joe, iīm using WinXP
>>>>>
>>>>> Thanks,
>>>>>
>>>>> VP
>>>>> oe Richards [MVP] wrote:
>>>>>
>>>>>> 1. What operating system are you working with?
>>>>>>
>>>>>> 2. You can not add privileges to a userid on the fly, you must add 
>>>>>> them, then the ID must log off and log on to get them in their 
>>>>>> token. Then they can be enabled for use if needed. I.E. You can 
>>>>>> not run one program that sets the privs, then uses them. The user 
>>>>>> must always have those privs. This is why I ask what OS you are 
>>>>>> working with. XP and 2003 help.
>>>>>>
>>>>>> -- 
>>>>>> Joe Richards Microsoft MVP Windows Server Directory Services
>>>>>> www.joeware.net
>>>>>>
>>>>>>
>>>>>>
>>>>>> Victor Pereira wrote:
>>>>>>
>>>>>>> Hi i'm trying to do a RunAs program and i have some doubts:
>>>>>>>
>>>>>>> 1 - Can i run it without a service ? Just calling :
>>>>>>>
>>>>>>> LogonUser - to get a user token
>>>>>>> DuplicateTokenEx - To duplicate my userīs token and set the 
>>>>>>> permissions TOKEN_ADJUST_PRIVILEGIES and TOKEN_QUERY
>>>>>>> AdjustTokenPrivilegies - To set SE_TCB_NAME privilegies
>>>>>>> CreateProcessAsUser - To run my process as a specifc user.
>>>>>>>
>>>>>>>
>>>>>>> Because iīm receiving an error 1300 (decimail), which means "Not 
>>>>>>> all privileges referenced are assigned to the caller".
>>>>>>>
>>>>>>> 2 - Can i adjust privilegies on an userīs token ? or i just can 
>>>>>>> set privilegies on a processīs token ?
>>>>>>>
>>>>>>>
>>>>>>> Thanks in advance,
>>>>>>>
>>>>>>> Victor Pereira


Relevant Pages