ImpersonateLoggedOnUser and SetFileAttributes
- From: "Sebastian Bargmann" <sorry@xxxxxxx>
- Date: Mon, 25 Sep 2006 22:14:46 +0200
I'm having some trouble with impersonating and SetFileAttributes. I'm
getting access, but I shouldn't!
I have created a file with only one ACE defined, granting r/w access to a
normal user (i.e. non-admin).
The local administrator is correctly denied access if he tries to change
file attributes from explorer. If he calls SetFileAttributes he's also
If I try SetFileAttributes with LocalSystem, I get access denied.
But if LocalSystem impersonates local administrator and calls
SetFileAttributes, access is granted (which it shouldn't be!) and
SetFileAttributes is successful.
The code looks like this (error checking and cleanup omitted for brevity):
LogonUserW("administrator", NULL, "password",
LOGON32_LOGON_NETWORK_CLEARTEXT, LOGON32_PROVIDER_DEFAULT, &token);
This happens on both XP and Win2K
What am I missing??