Re: GetFileSecurity return ERROR_ACCESS_DENIED

From: Roger Abell [MVP] (mvpNoSpam_at_asu.edu)
Date: 10/07/05

• Next message: Roger Abell [MVP]: "Re: NT AUTHORITY\ANONYMOUS LOGON in event log EVERY 12 minutes"
• Previous message: Nahanni: "GetFileSecurity return ERROR_ACCESS_DENIED"
• In reply to: Nahanni: "GetFileSecurity return ERROR_ACCESS_DENIED"
• Next in thread: Nahanni: "Re: GetFileSecurity return ERROR_ACCESS_DENIED"
• Reply: Nahanni: "Re: GetFileSecurity return ERROR_ACCESS_DENIED"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Fri, 7 Oct 2005 00:20:06 -0700

I believe you should be asking in either the MSDN forums or
in one of the inetserver newsgroups. However, I notice that
your first paragraph's conclusion
> so it is executed under the account of the user
> that launched Internet Explorer (a domain user).
is not necessarily true, for example, when the web is not
configured for non-anonymous access.

"Nahanni" <nahannif@yahoo.com> wrote in message
news:sj5ck1d5e65ughraj29rp3ub29duvhsh80@4ax.com...
> Hi,
>
> I am working on a C CGI application running under IIS6 (W2K3). The
> security for this CGI is "Windows Integrated Authentification"
> (Challenge/Response), so it is executed under the account of the user
> that launched Internet Explorer (a domain user).
>
> In that CGI, I need to execute functions such as "CreateFile" or
> "GetFileSecurity" on files through the network (drive mapped or UNC).
> These functions return ERROR_ACCESS_DENIED error code.
>
> Question 1 : Why these functions return ERROR_ACCESS_DENIED ?
>
>
> In order to make these functions works, I try to impersonate the user
> by using "LogonUser" and "ImpersonateLoggedOnUser" with hard coded
> username and password. It works but it is not a possible solution as I
> can't hard code all username and password.
>
> Then I tried to call "ImpersonateLoggedOnUser" with a user token get
> with OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, hToken).
> "GetTokenInformation" return the correct user name and Impersonation
> works, but I sill have ERROR_ACCESS_DENIED.
>
> Question 2 : Why "LogonUser" + "ImpersonateLoggedOnUser" make my code
> work and not "OpenProcessToken" + "ImpersonateLoggedOnUser" ?
>
>
> I hope to be clear.
>
> Thank you for your help.
>
> Dominique
>

---

• Next message: Roger Abell [MVP]: "Re: NT AUTHORITY\ANONYMOUS LOGON in event log EVERY 12 minutes"
• Previous message: Nahanni: "GetFileSecurity return ERROR_ACCESS_DENIED"
• In reply to: Nahanni: "GetFileSecurity return ERROR_ACCESS_DENIED"
• Next in thread: Nahanni: "Re: GetFileSecurity return ERROR_ACCESS_DENIED"
• Reply: Nahanni: "Re: GetFileSecurity return ERROR_ACCESS_DENIED"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Sharing Drives ... There is one thing that can be done create a user account on each workgroup ... machine with the name username and password as the Domain user. ... (microsoft.public.windowsxp.security_admin) Mapping drive issue ... My account is set up as a domain user. ... When I try to map C$ on any computer ... on our network I'm asked for a username and password. ... (microsoft.public.win2000.active_directory) Mapping drive issue ... My account is set up as a domain user. ... When I try to map C$ on any computer ... on our network I'm asked for a username and password. ... (microsoft.public.win2000.security) Re: Entourage - Exchange 2003 Unable to connect to Exchange ... Can you get the username and password verified? ... Using the wizard, you're going to have to provide... ... email address for the account. ... username (domain user name, ... (microsoft.public.mac.office.entourage) Re: GetFileSecurity return ERROR_ACCESS_DENIED ... >> that launched Internet Explorer (a domain user). ... >configured for non-anonymous access. ... >> can't hard code all username and password. ... (microsoft.public.security)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(18)