Re: SHFileOperation Problem

Hello Kellie,

First of all, thank you very much for your comprehensive reply!

I've been trying to have this work for a few hours now and don't seem to be
able to. Here is what I've got so far:

- LogonUserEx - OK
- ImpersonateLoggedOnUser - OK
- CreateProcessAsUser - "Client privileges not held" error

What I've been struggling with is on how to give the required privileges
to the user token. As I understand I need the following privileges/rights on
the user access token for the CreateProcessAsUser() function to work:


And the process that calls the CreateProcessAsUser() must have the
following privileges:


Now, the latter privileges I can definetly manage easily but I couldn't
find any way to give my Token (the one that I got as a result of the
LogonUserEx function) the required access rights (Query, Duplicate and
Assign Primary..) to be able to call the CreateProcessAsUser() function.

I'm sorry this newb post of mine but I really don't have any experience in
dealing with the Windows Security System. So I'm struggling quite a bit on
this area...

Thanks again for all the help,

Marcelo Grossi

Relevant Pages

  • Re: CreateProcessAsUser error "the client does not have the required priviledges"
    ... I understand what you are saying about granting privileges ... on original user but I don't know how to do this. ... use LogonUser again to call CreateProcessAsUser? ...
    ... Please note following lines from CreateProcessAsUser remark section: ... the process that calls the CreateProcessAsUser function must have the SE_ASSIGNPRIMARYTOKEN_NAME and ... SE_INCREASE_QUOTA_NAME privileges. ...
  • Re: Redirecting sdtin, stdout, stderr from an already running process
    ... The issue at hand is that we wish to start a process under another user's credentials with redirected I/O, without displaying a new window for that process. ... this is accomplished by calling Process.Startwith a ProcessStartInfo structure whose property "CreateNoWindow" is set to true and whose "Redirect*" properties are set to appropriate values. ... In order to use CreateProcessAsUser() successfully, the caller must hold the SE_ASSIGNPRIMARYTOKEN_NAME and SE_INCREASE_QUOTA_NAME privileges. ...
  • CreateProcessAsUser (error 1314)
    ... I have a problem with CreateProcessAsUser. ... My application needs to change the privileges to administrator privileges of ... bUserAuth = false; ... ZeroMemory(&si, sizeof(si)); ...
  • Named Pipe Impersonation -> CreateProcessAsUser();
    ... of the named pipe. ... create a new process with these nice privileges. ... ConnectNamedPipe<-- yada yada wait for connection ... access, then call CreateProcessAsUser(); ...