LOGONUSER
-
Seems like the documentation says that the API call to Logonuser does not work under the Windows 2000 platform. If I have a username, domain, and password how do I get a token for impersonation? Better yet how do I impersonate this username and password if I don't use Logonuser Thanks
-
Seems like the documentation says that the API call to Logonuser does not work under the Windows 2000 platform. If I have a username, domain, and password how do I get a token for impersonation? Better yet how do I impersonate this username and password if I don't use Logonuser Thanks
Humm.. I don't see where it seems that at all. http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthn/security/logonuser.asp[^] Windows 2000: The process calling LogonUser requires the SE_TCB_NAME privilege. If the calling process does not have this privilege, LogonUser fails and GetLastError returns ERROR_PRIVILEGE_NOT_HELD. In some cases, the process that calls LogonUser must also have the SE_CHANGE_NOTIFY_NAME privilege enabled; otherwise, LogonUser fails and GetLastError returns ERROR_ACCESS_DENIED. This privilege is not required for the local system account or accounts that are members of the administrators group. By default, SE_CHANGE_NOTIFY_NAME is enabled for all users, but some administrators may disable it for everyone. For more information about privileges, see Privileges. http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconImpersonatingReverting.asp[^] progload
-
Humm.. I don't see where it seems that at all. http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthn/security/logonuser.asp[^] Windows 2000: The process calling LogonUser requires the SE_TCB_NAME privilege. If the calling process does not have this privilege, LogonUser fails and GetLastError returns ERROR_PRIVILEGE_NOT_HELD. In some cases, the process that calls LogonUser must also have the SE_CHANGE_NOTIFY_NAME privilege enabled; otherwise, LogonUser fails and GetLastError returns ERROR_ACCESS_DENIED. This privilege is not required for the local system account or accounts that are members of the administrators group. By default, SE_CHANGE_NOTIFY_NAME is enabled for all users, but some administrators may disable it for everyone. For more information about privileges, see Privileges. http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconImpersonatingReverting.asp[^] progload
-
I think I am on the right track. Where do I get a list of what all of these codes mean. I am geeting a failure code of 1314 when I run LogonUser. Thanks
-
ERROR_PRIVILEGE_NOT_HELD 1314 A required privilege is not held by the client. Here is where to find them: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/debug/base/system_error_codes__1300-1699_.asp[^] progload