Re: CreateProcessWithLogonW fails in custom GINA
From: Yu Chen [MS] (yuchen_at_online.microsoft.com)
Date: Mon, 16 Aug 2004 10:17:36 -0700
This is a known issue in Windows Server 2003 and XPSP2 - the
CreateProcessWithLogonW API is changed to better handle the new process' use
of desktop by utilizing "Logon Sid" in the caller's token. However the local
system token (under which your GINA is running) doesn't have a "Logon sid"
so the API failed when caller is local system.
You can use LogonUser and CreateProcessAsUser to achieve the same thing.
-- Yu Chen [MS] This posting is provided "AS IS" with no warranties, and confers no rights. "Mike P." <Mike P.@discussions.microsoft.com> wrote in message news:CCABCFA4-814A-4AC5-900E-A831B43A1A3B@microsoft.com... > I am using a custom GINA which calls CreateProcessWithLogonW when machine is > logged off and idle to update software from a network location. The user > credentials it submits to the API are in the local administrators group and > can read network resources. Before service pack 2 this worked fine. Now it > fails with error 5 (access denied).