Re: CreateProcessAsUser error "the client does not have the required priviledges"
From: Jordi Gou (jgou_at_ntr.es)
Date: Tue, 20 Jul 2004 09:46:32 +0200
CreateProcessWithLogonW doesn't exist on Windows NT 4 and my setup has to
support this OS. I understand what you are saying about granting privileges
on original user but I don't know how to do this.
I will look for how I can grant the privleges of an user, but later should I
use LogonUser again to call CreateProcessAsUser?
"Yu Chen [MS]" <firstname.lastname@example.org> wrote in message
> Even though in your code you impersonated the administrator account, the
> CreateProcessAsUser API is checking for the 2 privileges against the
> token (not the impersonated thread token), which is the original user
> account you logged in - thus you got the "privilege not held" error.
> So you need to grant the privileges to the original user account you log
> with - but that requires you to log off and log back to take effect.
> Why don't you use the CreateProcessWithLogonW API?
> Yu Chen [MS]
> This posting is provided "AS IS" with no warranties, and confers no
> "Jordi Gou" <email@example.com> wrote in message
> > Ok, perfect, but how can I do this? Do I need to call RejectToSelf and
> > LogonUser again? Where? Will token have these new privileges when I call
> > LogonUser again? If it's yes, do I have to remove it after program
> > execution?
> > My code is like this:
> > LogonUser (so, now I have an administrator token)
> > ImpersonateLoggedUser (my process have administrator privileges)
> > DuplicateTokenEx (I obtain a new primary token that have administrator
> > privileges)
> > AddAndEnablePrivileges (add and enable SE_ASSIGNPRIMARYTOKEN_NAME and
> > SE_INCREASEQUOTA_NAME privileges that are needed to call
> > CreateProcessAsUser)
> > CreateProcessAsUser (it fails, error 1314 "the client doesn't have the
> > required privileges")
> > Thanks
> > Jordi