Starting the process as user will not work on Win2012
-
Starting the process as user will not work on Win2012. Getting access Denied and user is an admin
Dim psi As New System.Diagnostics.ProcessStartInfo
psi.UseShellExecute = False
psi.WindowStyle = ProcessWindowStyle.Hidden
'Win2012 run as admin
psi.Verb = "runas"'This will not for Win2012 need to pass User as argument
'psi.Domain = Domain
'psi.UserName = UserName
'Dim pword As New System.Security.SecureString()
'For Each c As Char In Password
' pword.AppendChar(c)
'Next
'psi.Password = pword -
Starting the process as user will not work on Win2012. Getting access Denied and user is an admin
Dim psi As New System.Diagnostics.ProcessStartInfo
psi.UseShellExecute = False
psi.WindowStyle = ProcessWindowStyle.Hidden
'Win2012 run as admin
psi.Verb = "runas"'This will not for Win2012 need to pass User as argument
'psi.Domain = Domain
'psi.UserName = UserName
'Dim pword As New System.Security.SecureString()
'For Each c As Char In Password
' pword.AppendChar(c)
'Next
'psi.Password = pwordFor the last time, you do NOT need the
Verb = "runas"line at all. It does nothing in this context. In what context is this code running? Is it part of a Windows Service? A console app? A Windows Forms app? What? The code works fine as an admin user. It will NOT work if the user running this code is Local System.A guide to posting questions on CodeProject
Click this: Asking questions is a skill. Seriously, do it.
Dave Kreskowiak -
For the last time, you do NOT need the
Verb = "runas"line at all. It does nothing in this context. In what context is this code running? Is it part of a Windows Service? A console app? A Windows Forms app? What? The code works fine as an admin user. It will NOT work if the user running this code is Local System.A guide to posting questions on CodeProject
Click this: Asking questions is a skill. Seriously, do it.
Dave Kreskowiak -
it's a console app and user is admin user and even if I remove Verb = "runas" still getting the same issue
OK, now, is the app that you're trying to launch on a network share? If so, Does the user that you're impersonating have access to that share? What happens if you change the WindowStyle to Normal?
A guide to posting questions on CodeProject
Click this: Asking questions is a skill. Seriously, do it.
Dave Kreskowiak -
OK, now, is the app that you're trying to launch on a network share? If so, Does the user that you're impersonating have access to that share? What happens if you change the WindowStyle to Normal?
A guide to posting questions on CodeProject
Click this: Asking questions is a skill. Seriously, do it.
Dave KreskowiakMaybe this details will help. SID1 have access to cmd.exe and shares. SID2 have access to DB . When I run this I am passing SID2 while accessing cmd.exe under SID1 psi.Domain = Domain psi.UserName = UserName Dim pword As New System.Security.SecureString() For Each c As Char In Password pword.AppendChar(c) Next psi.Password = pword Settings windows to normal don't help
-
Maybe this details will help. SID1 have access to cmd.exe and shares. SID2 have access to DB . When I run this I am passing SID2 while accessing cmd.exe under SID1 psi.Domain = Domain psi.UserName = UserName Dim pword As New System.Security.SecureString() For Each c As Char In Password pword.AppendChar(c) Next psi.Password = pword Settings windows to normal don't help
No, you're NOT accessing "CMD" as SID1 and as you've been told before, you don't need CMD.EXE. The process you are launching is done as the user you're impersonating. If that user doesn't have access to the shares you're going to get Access Denied. The process is not created as SID1. It's created as the user you're impersonating. A security context is first created for the user you're impersonating, then CreateProcessAsUser is called in that context to load the executable and setup the process. The problem is that the user you're impersonating cannot load the executable because it doesn't have access to the share where the executable is stored. Access Denied. You're going to have to grant access to the network location to the user you're impersonating for this to work.
A guide to posting questions on CodeProject
Click this: Asking questions is a skill. Seriously, do it.
Dave Kreskowiak -
No, you're NOT accessing "CMD" as SID1 and as you've been told before, you don't need CMD.EXE. The process you are launching is done as the user you're impersonating. If that user doesn't have access to the shares you're going to get Access Denied. The process is not created as SID1. It's created as the user you're impersonating. A security context is first created for the user you're impersonating, then CreateProcessAsUser is called in that context to load the executable and setup the process. The problem is that the user you're impersonating cannot load the executable because it doesn't have access to the share where the executable is stored. Access Denied. You're going to have to grant access to the network location to the user you're impersonating for this to work.
A guide to posting questions on CodeProject
Click this: Asking questions is a skill. Seriously, do it.
Dave Kreskowiak -
It's not the most accurate description of what happens behind the scenes, but it should be sufficient to get the point across.
A guide to posting questions on CodeProject
Click this: Asking questions is a skill. Seriously, do it.
Dave Kreskowiak