System Service: Allow Admins to Impersonate User for Recovery
- From: Jeffrey Walton <noloader@xxxxxxxxx>
- Date: Mon, 30 May 2011 10:14:25 -0700 (PDT)
Hi All,
I'm working with a suite which allows users to work with encrypted
data. The data is encrypted under a key which is encrypted with DPAPI
(ie, tied to a user's account). So the user calls CryptUnprotectData
to retrieve their bulk encryption key, and then performs bulk
encryption using that key.
The software needs to allow an administrator to recover the encrypted
data. I believe that means an administrator needs to be able to call
CryptUnprotectData under a user's context to recover the key.
Is there an API call which allows a System Service to impersonate a
user *without* the user's password? Or do I need to look to other
functions/methods for the recovery effort?
Thanks in advance,
Jeff
.
- Follow-Ups:
- Re: System Service: Allow Admins to Impersonate User for Recovery
- From: FromTheRafters
- Re: System Service: Allow Admins to Impersonate User for Recovery
- Prev by Date: Re: Call for Papers
- Next by Date: Re: System Service: Allow Admins to Impersonate User for Recovery
- Previous by thread: Re: Call for Papers
- Next by thread: Re: System Service: Allow Admins to Impersonate User for Recovery
- Index(es):
Relevant Pages
|
