Re: CreateProcessWithLogonW error



This is from the docs for CreateProcessWithLogonW:

---
Windows XP SP2 and Windows Server 2003: You cannot call
CreateProcessWithLogonW from a process that is running under the LocalSystem
account, because the function uses the logon SID in the caller token, and
the token for the LocalSystem account does not contain this SID. As an
alternative, use the CreateProcessAsUser and LogonUser functions.
---

--
This posting is provided "AS IS" with no warranties, and confers no
rights.

"a" <xxxxxxx@xxxxxxxxxxx> wrote:

> Hi,
>
> I have an Apache server running as a service on a Win XP SP2 machine, with
> php 5.1.2 installed. The Apache server is logged on as Local System.
>
> The Apache server runs a php script that is supposed to run an external
> process (let's say notepad.exe) but as a different user, for security
> reasons. Since php doesn't have a way to specify a Windows user, I use a
> PHP call to "exec" in order to run an intermediate process, in which I
> call CreateProcessWithLogonW with the credentials of a different user, to
> run notepad. For some reason this call fails with error code 5 (Access is
> denied). When I run this intermediate process directly from the command
> line and logged on as admin, Notepad shows up just fine (please see code
> below - it is a slightly modified MS sample).
>
> 1. Any suggestions why the call to CreateProcessWithLogonW fails?
> 2. How costly is it to call CreateProcessWithLogonW with
> LOGON_WITH_PROFILE? Since this is a component of a web application,
> performance is quite important.
> 3. Any other suggestions how to achieve the same result in a simpler
> and/or more efficient way?
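
The alternative named in the quoted documentation, LogonUser followed by CreateProcessAsUser, as an added example that is not code from this thread or from the Microsoft sample it mentions. The function name launch_as_user and its parameters are assumptions made here, and the non-Windows branch is only a stub so the file compiles elsewhere.

```c
/* Added example (not from the thread): LogonUser + CreateProcessAsUser, the
   alternative the quoted documentation gives for LocalSystem callers. */
#include <wchar.h>
#ifdef _WIN32
#include <windows.h>
/* launch_as_user is a name chosen for this example. Returns 0 on success,
   otherwise the GetLastError() value of the call that failed. */
unsigned long launch_as_user(const wchar_t *user, const wchar_t *domain,
                             const wchar_t *password, const wchar_t *cmdline)
{
    HANDLE token = NULL;
    STARTUPINFOW si;
    PROCESS_INFORMATION pi;
    wchar_t cmd[MAX_PATH];
    unsigned long err = 0;

    /* CreateProcessAsUserW may modify the command line: pass a writable copy. */
    if (wcslen(cmdline) >= MAX_PATH)
        return ERROR_INVALID_PARAMETER;
    wcscpy(cmd, cmdline);

    /* An interactive logon returns a primary token; LOGON32_LOGON_NETWORK
       would return an impersonation token instead. */
    if (!LogonUserW(user, domain, password, LOGON32_LOGON_INTERACTIVE,
                    LOGON32_PROVIDER_DEFAULT, &token))
        return GetLastError();

    ZeroMemory(&si, sizeof si);
    si.cb = sizeof si;
    ZeroMemory(&pi, sizeof pi);

    /* No profile is loaded and, with a NULL environment, the child uses
       the calling process's environment block. */
    if (!CreateProcessAsUserW(token, NULL, cmd, NULL, NULL, FALSE, 0,
                              NULL, NULL, &si, &pi)) {
        err = GetLastError();
    } else {
        CloseHandle(pi.hThread);
        CloseHandle(pi.hProcess);
    }
    CloseHandle(token);
    return err;
}
#else
/* Non-Windows build: no Win32 API, so report ERROR_CALL_NOT_IMPLEMENTED (120). */
unsigned long launch_as_user(const wchar_t *user, const wchar_t *domain,
                             const wchar_t *password, const wchar_t *cmdline)
{ (void)user; (void)domain; (void)password; (void)cmdline; return 120UL; }
#endif
```

By default CreateProcessAsUser places the new process on a noninteractive window station whose desktop is not visible, so a GUI program such as notepad.exe started this way from a service will not appear on screen.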

