Error when impersonate thread in kenel driver by using different user account logon
-
Dear All, I met a problem when access network shared files in the kernel driver. I always got a "Access Denied 0xc0000022" error. The senario is: 1. A Win2000 Domain; 2. User account "Acc" in this domain in Domain/Users group. 3. A Shared folder on a Server(win 2000) in this domain.( the Acc has the permission to full control to this shared folder) 4. A Computer(win2000) in this domain The steps are: 1. I logon to that computer using the domain account "Acc" 2. I start a app and send out an IOCTL from this app 3. Create a system thread in the driver after receive this IOCTL. and create a security client context. 4. When needed in the dispacth routine of this driver, impersonate the thread using the saved security client context then access the shared folder on that server in this domain. Always got an 0xC0000022 error. 5. But When I logon that computer using an adminstrator domain account. Then every thing ok. 6. even after logon under adminstrator's account then create the sytem thread and log out and relogon under the "Acc" account, this time I can access that share folder also. So, Is that I miss some configuration on the server or on the domain about privilage or security of that "Acc" account or server? What I should do? Does any one has any suggestion? Or is there any books or articles about those? I search on the web. still can not get whole picture about security and network resource access and user account and logon. Thanks Laura.