Re: Windows Security vs. Application Security

From: David Cross [MS] (
Date: 01/20/05

Date: Thu, 20 Jan 2005 05:31:58 -0800

are you calling LoadUserProfile after impersonating the user?

David B. Cross [MS]
This posting is provided "AS IS" with no warranties, and confers no rights.
Top Whitepapers:
Auto-enrollment whitepaper:
Best Practices for implementing Windows Server 2003 PKI:
Troubleshooting Certificate Status and Revocation whitepaper:
Windows Server 2003 web enrollment and troubleshooting guide:
Windows Server 2003 web enrollment and troubleshooting guide:
"Rami Jaschek" <> wrote in message
> We are developing a client sever application that generates files on a 
> common
> server. We wish for the application to be able to generate(/delete) files 
> in
> directories where the users have no permission to generate(/delete) files.
> The problem is that the security context of the application is the same as
> the logged in user running the application.
> Two solutions we tried and ran into problems with:
> A. Impersonation - we can switch to a different user context inside the
> application - but this has many side effects (such as suddenly not seeing 
> the
> default printer for that user).
> B. Sepcific agents - as the file access is needed in many places in the
> software and we write a lot - that creates both inconvenience for the
> developers and a bottleneck.
> Suggestions?