Re: CreateProcessAsUser Doubt

From: Jordi Gou (jgou_at_ntr.es)
Date: 07/16/04


Date: Fri, 16 Jul 2004 18:42:10 +0200

What are you exactly saying when say that you have to log off after put
privileges?

"Joe Richards [MVP]" <humorexpress@hotmail.com> wrote in message
news:ejedZFKYEHA.3716@TK2MSFTNGP10.phx.gbl...
> Did you set it on the domain or on the PC itself?
>
> Did the user logoff and logon after getting the priv?
>
> --
> Joe Richards Microsoft MVP Windows Server Directory Services
> www.joeware.net
>
>
>
> Victor Pereira wrote:
> > Mmm.. stange, because my user has the SE_TCB_NAME priv, and itīs not
> > working :-(
> >
> > Anyway, thanks for your help!
> >
> > VP
> > Joe Richards [MVP] wrote:
> >
> >> This is why I asked what OS you are using and you responded XP.
> >>
> >> If that is the case, then you have to make sure that the userid who
> >> will fire the app has the SE_TCB_NAME priv before they log on and run
> >> your app (i.e you can't do that on the fly). No other way than to set
> >> up a service that proxies the calls like runas and SU (from reskit)
> >> does it.
> >>
> >> --
> >> Joe Richards Microsoft MVP Windows Server Directory Services
> >> www.joeware.net
> >>
> >>
> >>
> >> Victor Pereira wrote:
> >>
> >>> Joe CreateProcessWithLogonW() is supported just by windows xp,2000
> >>> and 2003.Living in a third world, i must support winnt 4 :-(
> >>>
> >>> Thanks,
> >>>
> >>> VP
> >>>
> >>> Joe Richards [MVP] wrote:
> >>>
> >>>> In that case, you don't need privilege and you should probably use
> >>>> CreateProcessWithLogonW as it is much easier to deal with. My CPAU
> >>>> (located on free win32 tools page of www.joeware.net) also uses that
> >>>> call.
> >>>>
> >>>> joe
> >>>>
> >>>>
> >>>>
> >>>> --
> >>>> Joe Richards Microsoft MVP Windows Server Directory Services
> >>>> www.joeware.net
> >>>>
> >>>>
> >>>>
> >>>> Victor Pereira wrote:
> >>>>
> >>>>> Hi joe, iīm using WinXP
> >>>>>
> >>>>> Thanks,
> >>>>>
> >>>>> VP
> >>>>> oe Richards [MVP] wrote:
> >>>>>
> >>>>>> 1. What operating system are you working with?
> >>>>>>
> >>>>>> 2. You can not add privileges to a userid on the fly, you must add
> >>>>>> them, then the ID must log off and log on to get them in their
> >>>>>> token. Then they can be enabled for use if needed. I.E. You can
> >>>>>> not run one program that sets the privs, then uses them. The user
> >>>>>> must always have those privs. This is why I ask what OS you are
> >>>>>> working with. XP and 2003 help.
> >>>>>>
> >>>>>> --
> >>>>>> Joe Richards Microsoft MVP Windows Server Directory Services
> >>>>>> www.joeware.net
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> Victor Pereira wrote:
> >>>>>>
> >>>>>>> Hi i'm trying to do a RunAs program and i have some doubts:
> >>>>>>>
> >>>>>>> 1 - Can i run it without a service ? Just calling :
> >>>>>>>
> >>>>>>> LogonUser - to get a user token
> >>>>>>> DuplicateTokenEx - To duplicate my userīs token and set the
> >>>>>>> permissions TOKEN_ADJUST_PRIVILEGIES and TOKEN_QUERY
> >>>>>>> AdjustTokenPrivilegies - To set SE_TCB_NAME privilegies
> >>>>>>> CreateProcessAsUser - To run my process as a specifc user.
> >>>>>>>
> >>>>>>>
> >>>>>>> Because iīm receiving an error 1300 (decimail), which means "Not
> >>>>>>> all privileges referenced are assigned to the caller".
> >>>>>>>
> >>>>>>> 2 - Can i adjust privilegies on an userīs token ? or i just can
> >>>>>>> set privilegies on a processīs token ?
> >>>>>>>
> >>>>>>>
> >>>>>>> Thanks in advance,
> >>>>>>>
> >>>>>>> Victor Pereira



Relevant Pages

  • Re: CreateProcessAsUser Doubt
    ... CreateProcessWithLogonW as it is much easier to deal with. ... Victor Pereira wrote:> Hi joe, ... You can not add privileges to a userid on the fly, you must add>> them, then the ID must log off and log on to get them in their token. ... >> Joe Richards Microsoft MVP Windows Server Directory Services ...
    (microsoft.public.platformsdk.security)
  • Re: CreateProcessAsUser Doubt
    ... You can not add privileges to a userid on the fly, you must add them, then ... The user must always have those privs. ... Victor Pereira wrote: ... > DuplicateTokenEx - To duplicate my userīs token and set the permissions ...
    (microsoft.public.platformsdk.security)