win32security.LogonUser

John Abel john.abel at pa.press.net
Tue Jul 8 10:25:26 EDT 2003 

Hi,

Try adding the user running the script, to "Act As PartOf The OS" in the 
policy editor.  It seems that is required, for you to add/remove tokens.

Regards

John

Darrell wrote:

>On windows 2000 I tried to use winprocess.py with the login option.
>In an effort to run as a diffrent user.
>It didn't work and lots of searching didn't help.
>This was my best hit.
>http://www.faqts.com/knowledge_base/view.phtml/aid/4466
>
>Worked around the problem using runas.exe
>
>This is as far as I got.
>The following code tries to give me every Privilege it can then fails.
>pywintypes.error: (1314, 'LogonUser', 'A required privilege is not
>held by the client.')
>
>--Darrell
>
>
>import win32con, os, sys
>sys.path.append(os.sep.join(win32con.__file__.split(os.sep)[:-2])+os.sep+"demos")
>    
>import winprocess
>from ntsecuritycon import *
>import ntsecuritycon, win32security, win32api
>    
>def AdjustPrivilege(priv, enable = 1): 
>    print priv
>    # Get the process token. 
>    flags = TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY |TOKEN_DUPLICATE|
>TOKEN_IMPERSONATE
>
>    #flags= TOKEN_QUERY 
>    htoken = win32security.OpenProcessToken(win32api.GetCurrentProcess(),
>flags)
>    # Get the ID for the privilege. 
>    try:
>        id = win32security.LookupPrivilegeValue(None, priv) 
>    except:
>        print 'Fail'
>        return
>    # Now obtain the privilege for this process. 
>    # Create a list of the privileges to be added. 
>    if enable: 
>        newPrivileges = [(id, SE_PRIVILEGE_ENABLED)] 
>    else: 
>        newPrivileges = [(id, 0)] 
>        # and make the adjustment. 
>    win32security.AdjustTokenPrivileges(htoken, 0, newPrivileges) 
>
># now set the rights 
>if 1:
>    for k, v in ntsecuritycon.__dict__.items():
>        if k.find("SE_")==0 and isinstance(v, str):
>            print k,
>            AdjustPrivilege(v)
>    
>AdjustPrivilege(SE_CHANGE_NOTIFY_NAME) 
>AdjustPrivilege(SE_TCB_NAME) 
>AdjustPrivilege(SE_ASSIGNPRIMARYTOKEN_NAME)
>
>SE_INTERACTIVE_LOGON_NAME = "SeInteractiveLogonRight"
>#AdjustPrivilege(SE_INTERACTIVE_LOGON_NAME)
>
>if __name__ == '__main__':
>
>    # Pipe commands to a shell and display the output in notepad
>    print 'Testing winprocess.py...'
>
>    import tempfile
>
>    timeoutSeconds = 15
>    cmdString = """\
>REM      Test of winprocess.py piping commands to a shell.\r
>REM      This window will close in %d seconds.\r
>vol\r
>net user\r
>_this_is_a_test_of_stderr_\r
>""" % timeoutSeconds
>
>    cmd, out = tempfile.TemporaryFile(), tempfile.TemporaryFile()
>    cmd.write(cmdString)
>    cmd.seek(0)
>    print 'CMD.EXE exit code:', winprocess.run('cmd.exe', show=0,
>stdin=cmd, login=".\nuser\nuser1",#administrator\n",
>                                    stdout=out, stderr=out)
>    cmd.close()
>    print 'NOTEPAD exit code:', winprocess.run('notepad.exe %s' %
>out.file.name,
>                                    show=win32con.SW_MAXIMIZE,
>                                    mSec=timeoutSeconds*1000)
>    out.close()
>  
>

More information about the Python-list mailing list