Re: How to get the owner of a process?
From: Pavel Lebedinsky [MSFT] (pavel_at_online.microsoft.com)
Date: 06/16/05
- In reply to: Sudhakar Govindavajhala: "How to get the owner of a process?"
Date: Thu, 16 Jun 2005 00:33:49 -0700
By default, security descriptors of tokens for regular (non-system,
non-admin) users don't give any access to Administrators. And
SeDebugPrivilege doesn't help because it only works for processes
and threads, not tokens.

You could move your code into a service running as System.
System should have query rights on most tokens.

Another option is to use WTSEnumerateProcesses. This seems
to work on all current OSes (that is, admins can query the SIDs
for all processes in the system). The problem with this approach
is that I'm not sure whether the fact that it works is by design, or
just an artifact of the current implementation.
--
This posting is provided "AS IS" with no warranties, and confers no rights.

"Sudhakar Govindavajhala" wrote:
> I am having trouble in finding out who the owner of a process is,
> programmatically. Can someone help? I am admin of the machine and I am
> running with debug privilege enabled. I am not able to open the process
> token for me to query it.
> It works for lsass.exe. But it fails for alg.exe owned by NT Auth\Local
> service. I get access denied error for alg.exe
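
The WTSEnumerateProcesses approach mentioned in the reply, as an added example that is not part of the original post: it reads each process's owner SID from the terminal services API without opening the process token. The names `Demo.Wts` and `Get-ProcessOwnerSid` are hypothetical, and the script assumes an elevated PowerShell session on the local machine.

```powershell
# Added example. Demo.Wts and Get-ProcessOwnerSid are hypothetical names.
Add-Type -Namespace Demo -Name Wts -MemberDefinition @'
[StructLayout(LayoutKind.Sequential)]
public struct WTS_PROCESS_INFO {
    public int SessionId;
    public int ProcessId;
    public IntPtr pProcessName;   // LPWSTR, owned by the WTS buffer
    public IntPtr pUserSid;       // PSID, can be NULL
}
[DllImport("wtsapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern bool WTSEnumerateProcessesW(
    IntPtr hServer, int Reserved, int Version,
    out IntPtr ppProcessInfo, out int pCount);
[DllImport("wtsapi32.dll")]
public static extern void WTSFreeMemory(IntPtr pMemory);
'@

function Get-ProcessOwnerSid {
    $marshal = [Runtime.InteropServices.Marshal]
    $buf = [IntPtr]::Zero; $count = 0
    # hServer NULL = local server; Reserved must be 0 and Version must be 1.
    if (-not [Demo.Wts]::WTSEnumerateProcessesW([IntPtr]::Zero, 0, 1, [ref]$buf, [ref]$count)) {
        throw (New-Object ComponentModel.Win32Exception ($marshal::GetLastWin32Error()))
    }
    try {
        $type = [Demo.Wts+WTS_PROCESS_INFO]
        $size = $marshal::SizeOf([type]$type)
        for ($i = 0; $i -lt $count; $i++) {
            $info = $marshal::PtrToStructure([IntPtr]::Add($buf, $i * $size), [type]$type)
            $sid = $null; $account = $null
            if ($info.pUserSid -ne [IntPtr]::Zero) {
                # The constructor copies the SID, so it outlives WTSFreeMemory.
                $sid = New-Object Security.Principal.SecurityIdentifier $info.pUserSid
                try { $account = $sid.Translate([Security.Principal.NTAccount]).Value }
                catch [Security.Principal.IdentityNotMappedException] { }  # no name for this SID
            }
            [pscustomobject]@{
                ProcessId = $info.ProcessId
                SessionId = $info.SessionId
                Name      = $marshal::PtrToStringUni($info.pProcessName)
                OwnerSid  = $sid
                Account   = $account
            }
        }
    } finally {
        [Demo.Wts]::WTSFreeMemory($buf)
    }
}
Get-ProcessOwnerSid | Sort-Object ProcessId | Format-Table -AutoSize
```

Rows with an empty OwnerSid are processes for which the API returned no SID, so callers should treat a missing owner as "unknown" rather than as an error.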