LOGON32_LOGON_NETWORK_CLEARTEXT, ImpersonateLoggedOnUser and access HKLM
From: Sergei (smzinovyev_at_validio.com.ua)
Date: 05/31/05
Date: 31 May 2005 11:13:45 -0700
Hi,
I have a problem accessing
"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail\Microsoft Outlook" from
an impersonated thread.
RegOpenKeyEx(HKEY_LOCAL_MACHINE,
    _T("SOFTWARE\\Clients\\Mail\\Microsoft Outlook"),
    STANDARD_RIGHTS_READ | KEY_QUERY_VALUE)
returns "Either a required impersonation level was not provided, or the
provided impersonation level is invalid."
I test my code on Win2000 Server SP4, WinXP SP2 and Win2003 SP1. My
code does LogonUser(.., LOGON32_LOGON_NETWORK_CLEARTEXT,
LOGON32_PROVIDER_WINNT50) for a domain user and then calls
ImpersonateLoggedOnUser. After these calls it reads HKLM.
If the interactively logged-on user is in the "LocalMachine\Administrators"
group, then RegOpenKeyEx(HKEY_LOCAL_MACHINE,...) returns ERROR_SUCCESS.
But if the interactively logged-on user is NOT in
"LocalMachine\Administrators" (for example, in "LocalMachine\Power
Users"), then RegOpenKeyEx(HKEY_LOCAL_MACHINE,...) returns "Either a
required impersonation level was not provided, or the provided
impersonation level is invalid."
In both cases the impersonation level of the token is SecurityImpersonation.
What is the difference between the two cases?
Thank you.
Sergei M. Zinovyev