Warning! Newbie issue - Impersonating a user on Win32
dglenn at charter.net
Thu Jan 16 13:13:16 CET 2003
On Thursday 16 January 2003 02:03, Roger Upole wrote:
> The LogonUser works for me on Win2k.
> According to the SDK docs, the calling process needs SE_TCB_NAME
> and "in some cases" SE_CHANGE_NOTIFY_NAME. You might want to try
> giving yourself both of them before the call.
> Also, the 'foo' user needs SE_INTERACTIVE_LOGON_NAME.
Ok, so let me see if I am clear on this. I need to adjust the calling
users priviledges prior to attempting the login? And the login ID needs
to have a SE_INTERACTIVE_LOGON_NAME.
So far so good :) Now what would I need to look for in secpol.msc to
ensure the called user has that priviledge?
If it is innoculous enough, I can request we can change the policy to
grant users those particular rights. The SE_TCB_NAME appears
suspiciously like the permission to run as system process. I am getting
the errors running as a Admin equivilant myself, so I am wondering how
your settings look in the local user policy to enable it to work. Would
it be possible for you to dump that section or send me a screenshot?
I am looking for a solution to launch install programs for our remote
offices off the WAN without granting them Administrative rights.
Thank you for the feedback!
More information about the Python-list