Impersonation
-
Hello I would like to call ImpersonateLoggedOnUser to gain some extra rights for a particular task in my application. For the call I need an impersonation token. To get this I tried the LogonUser function, but I don't have enough privileges. Probably it's the SE_TCB_NAME privilege. If I inspect the results from GetTokenInformation it is true that I don't have that priv and hence cannot enable it. Does anyone know how to get a proper impersonation token. I've tried to call CreateProcessWithLogonW to create a dummy process as a different users, and with that process handle I can call OpenProcessToken to get a token to send to ImpersonateLoggedOnUser. This gives the expected result, but it is a verry uggly work around.
-
Hello I would like to call ImpersonateLoggedOnUser to gain some extra rights for a particular task in my application. For the call I need an impersonation token. To get this I tried the LogonUser function, but I don't have enough privileges. Probably it's the SE_TCB_NAME privilege. If I inspect the results from GetTokenInformation it is true that I don't have that priv and hence cannot enable it. Does anyone know how to get a proper impersonation token. I've tried to call CreateProcessWithLogonW to create a dummy process as a different users, and with that process handle I can call OpenProcessToken to get a token to send to ImpersonateLoggedOnUser. This gives the expected result, but it is a verry uggly work around.
-
Hello I would like to call ImpersonateLoggedOnUser to gain some extra rights for a particular task in my application. For the call I need an impersonation token. To get this I tried the LogonUser function, but I don't have enough privileges. Probably it's the SE_TCB_NAME privilege. If I inspect the results from GetTokenInformation it is true that I don't have that priv and hence cannot enable it. Does anyone know how to get a proper impersonation token. I've tried to call CreateProcessWithLogonW to create a dummy process as a different users, and with that process handle I can call OpenProcessToken to get a token to send to ImpersonateLoggedOnUser. This gives the expected result, but it is a verry uggly work around.
I think that Per Nilsson wrote: I tried the LogonUser function, but I don't have enough privileges and Per Nilsson wrote: that process handle I can call OpenProcessToken to get a token to send to ImpersonateLoggedOnUser are somehow contradictory. If the "different users" you are talking about has enough privileges to make a good token for
ImpersonateLoggedOnUser, you should also be able to use it forLogonUserand hence get the same sufficient privileges ... I think your call toLogonUsermust have failed somewhere ... ~RaGE();