Running a program as another user on Win32

Mark Hammond mhammond at skippinet.com.au
Tue Nov 9 17:14:34 EST 1999


emuller at painewebber.com wrote in message <809ea4$ln$1 at nnrp1.deja.com>...
>I am writing a bunch of scripts that will need to run as Administrator
>(Domain Administrator) on Windows NT 4.0 workstation clients that
>belong to an NT domain. I've tried using LogonUser, but I always get
>the following: pywintypes.api_error: (1314, 'LogonUser', ' A required
>privilege is not held by the client.'). I've also tried using LogonUser
>with the local Administrator account on my NT machine with no luck.

You need to explicitely enable the privilege.  The following function should
do the job.  The documentation on CreateProcessAsUser is vague, and I dont
have time to test it.  It appears you need some or all of the following
privileges (all from the ntsecuritycon module): SE_ASSIGNPRIMARYTOKEN_NAME,
SE_INCREASE_QUOTA_NAME TOKEN_DUPLICATE, TOKEN_IMPERSONATE

def AdjustPrivilege(priv, enable = 1):
    # Get the process token.
    flags = TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY
    htoken = win32security.OpenProcessToken(win32api.GetCurrentProcess(),
flags)
    # Get the ID for the privilege.
    id = win32security.LookupPrivilegeValue(None, priv)
    # Now obtain the privilege for this process.
    # Create a list of the privileges to be added.
    if enable:
        newPrivileges = [(id, SE_PRIVILEGE_ENABLED)]
    else:
        newPrivileges = [(id, 0)]
    # and make the adjustment.
    win32security.AdjustTokenPrivileges(htoken, 0, newPrivileges)

Mark.






More information about the Python-list mailing list