Running a program as another user on Win32

Mark Hammond mhammond at
Tue Nov 9 23:14:34 CET 1999

emuller at wrote in message <809ea4$ln$1 at>...
>I am writing a bunch of scripts that will need to run as Administrator
>(Domain Administrator) on Windows NT 4.0 workstation clients that
>belong to an NT domain. I've tried using LogonUser, but I always get
>the following: pywintypes.api_error: (1314, 'LogonUser', ' A required
>privilege is not held by the client.'). I've also tried using LogonUser
>with the local Administrator account on my NT machine with no luck.

You need to explicitely enable the privilege.  The following function should
do the job.  The documentation on CreateProcessAsUser is vague, and I dont
have time to test it.  It appears you need some or all of the following
privileges (all from the ntsecuritycon module): SE_ASSIGNPRIMARYTOKEN_NAME,

def AdjustPrivilege(priv, enable = 1):
    # Get the process token.
    htoken = win32security.OpenProcessToken(win32api.GetCurrentProcess(),
    # Get the ID for the privilege.
    id = win32security.LookupPrivilegeValue(None, priv)
    # Now obtain the privilege for this process.
    # Create a list of the privileges to be added.
    if enable:
        newPrivileges = [(id, SE_PRIVILEGE_ENABLED)]
        newPrivileges = [(id, 0)]
    # and make the adjustment.
    win32security.AdjustTokenPrivileges(htoken, 0, newPrivileges)


More information about the Python-list mailing list