|
sponsored links |
|
|
sponsored links
|
|
1
20th June 03:53
External User
Posts: 1
|
creating a noniteractive process as a different user
Hello,
I'm trying to make su.exe work on NT4 but without luck. How can one create a noninteractive process with privileged rights giving the user\domain and password? Are there examples? -Hanspeter |
|
|
|
2
20th June 03:53
External User
Posts: 1
|
creating a noniteractive process as a different user
http://www.microsoft.com/msj/0200/logon/logon.aspx
-- Alex Fedotov |
|
|
|
3
20th June 03:53
External User
Posts: 1
|
creating a noniteractive process as a different user
Well, I should have said I want an interactive process. So I found
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/security/starting_an_interactive_client_process.asp With my own account this works. But with other accounts CreateUserAsProcess returns ERROR_PRIVILEGE_NOT_HELD. What are the requirements for CreateProcessAsUsers to succeed? -Hanspeter |
|
|
|
4
28th June 05:28
External User
Posts: 1
|
creating a noniteractive process as a different user
This is from MSDN:
"Typically, the process that calls the CreateProcessAsUser function must have the SE_ASSIGNPRIMARYTOKEN_NAME and SE_INCREASE_QUOTA_NAME privileges. However, if hToken is a restricted version of the caller's primary token, the SE_ASSIGNPRIMARYTOKEN_NAME privilege is not required." -- Alex Fedotov |
|
|
|
5
28th June 05:28
External User
Posts: 1
|
creating a noniteractive process as a different user
I have now set SE_TCB_NAME, SE_ASSIGNPRIMARYTOKEN_NAME and
SE_INCREASE_QUOTA_NAME, but I still have no luck. The token is created by LogonUser with LOGON32_LOGON_INTERACTIVE. So it shouldn't be restricted. -Hanspeter |
|
|
Linear Mode
