Warning! Newbie issue - Impersonating a user on Win32

Doug Glenn dglenn at charter.net
Thu Jan 16 13:13:16 CET 2003


On Thursday 16 January 2003 02:03, Roger Upole wrote:
> The LogonUser works for me on Win2k.
> According to the SDK docs, the calling process needs SE_TCB_NAME
> and "in some cases" SE_CHANGE_NOTIFY_NAME.  You might want to try
> giving yourself both of them before the call.
> Also, the 'foo' user needs SE_INTERACTIVE_LOGON_NAME.

Ok, so let me see if I am clear on this.  I need to adjust the calling 
user's privileges prior to attempting the login? And the login ID needs 
to have a SE_INTERACTIVE_LOGON_NAME.

So far so good :)  Now what would I need to look for in secpol.msc to 
ensure the called user has that privilege? 

If it is innocuous enough, I can request that we change the policy to 
grant users those particular rights. The SE_TCB_NAME appears 
suspiciously like the permission to run as system process. I am getting 
the errors running as an Admin equivalent myself, so I am wondering how 
your settings look in the local user policy to enable it to work. Would 
it be possible for you to dump that section or send me a screenshot?

I am looking for a solution to launch install programs for our remote 
offices off the WAN without granting them Administrative rights. 

Thank you for the feedback!

-----
Doug
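
Added example, not part of the original post or of either poster's code: a check of which accounts hold the three rights named in this thread, read from a user-rights export such as `secedit /export /cfg <file> /areas USER_RIGHTS` produces. The policy text, the function names and the account sets are constructed for illustration; the sample assumes a policy in which no account has been granted SeTcbPrivilege.

```python
import configparser

# SDK constant -> (identifier in the export, label under User Rights Assignment
# in secpol.msc). Older Windows versions label the last one "Log on locally".
RIGHTS = {
    "SE_TCB_NAME": ("SeTcbPrivilege", "Act as part of the operating system"),
    "SE_CHANGE_NOTIFY_NAME": ("SeChangeNotifyPrivilege", "Bypass traverse checking"),
    "SE_INTERACTIVE_LOGON_NAME": ("SeInteractiveLogonRight", "Allow log on locally"),
}

# Constructed sample export. A right granted to nobody has no line at all.
# S-1-1-0 = Everyone, S-1-5-32-544 = Administrators, S-1-5-32-545 = Users.
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeChangeNotifyPrivilege = *S-1-1-0,*S-1-5-32-544,*S-1-5-32-545
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-545
[Version]
signature="$CHICAGO$"
Revision=1
"""

def holders(inf_text):
    """Return {SDK constant: [SIDs or account names holding that right]}."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep the case of SeXxx identifiers
    cp.read_string(inf_text)
    section = cp["Privilege Rights"] if cp.has_section("Privilege Rights") else {}
    result = {}
    for const, (ident, _label) in RIGHTS.items():
        raw = section.get(ident, "")
        result[const] = [a.strip().lstrip("*") for a in raw.split(",") if a.strip()]
    return result

def missing_rights(inf_text, caller, target):
    """caller/target: sets of SIDs or names (the account plus its groups)."""
    held = holders(inf_text)
    missing = []
    for const in ("SE_TCB_NAME", "SE_CHANGE_NOTIFY_NAME"):
        if not caller & set(held[const]):
            missing.append(("caller", const))
    if not target & set(held["SE_INTERACTIVE_LOGON_NAME"]):
        missing.append(("target", "SE_INTERACTIVE_LOGON_NAME"))
    return missing

if __name__ == "__main__":
    admin = {"S-1-5-32-544", "S-1-1-0"}   # a member of Administrators
    user = {"S-1-5-32-545", "S-1-1-0"}    # an ordinary local user
    for who, const in missing_rights(SAMPLE_INF, admin, user):
        print(who, "lacks", const, "=", RIGHTS[const][1])
```
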




