Security problems using XP SP2

Posted by Paul Woodman on June 20, 2005, 5:16 pm
I've got a service running as Local System account that calls
CreateProcessWithLogonW to run a script as a certain administrator account.
Like so:
STARTUPINFOW si;
PROCESS_INFORMATION pi;

ZeroMemory( &si, sizeof(si) );
si.cb = sizeof(si);
ZeroMemory( &pi, sizeof(pi) );

CreateProcessWithLogonW(
    L"admin",     // username
    NULL,         // domain
    L"admin",     // password
    0,            // logon flags
    NULL,         // No application name (use command line)
    &command[0],  // command line
    0,            // No creation flags.
    NULL,         // Use parent's environment block.
    NULL,         // Use parent's starting directory.
    &si,          // Pointer to STARTUPINFO structure.
    &pi );        // Pointer to PROCESS_INFORMATION structure.

This worked fine until Service Pack 2 was installed; now the call fails with
'Access is denied'. However, if I change the service to run as the same
'admin' account used in the Create.. call there is no problem. I'd rather
not have to do this.

Anyone else had similar problems and know of a better (proper) solution?


Thanks in advance
Paul




Posted by Paul Clement on June 20, 2005, 11:47 am

¤ I've got a service running as Local System account that calls
¤ CreateProcessWithLogonW to run a script as a certain administrator account.
¤ Like so:
¤ STARTUPINFOW si;
¤ PROCESS_INFORMATION pi;
¤
¤ ZeroMemory( &si, sizeof(si) );
¤ si.cb = sizeof(si);
¤ ZeroMemory( &pi, sizeof(pi) );
¤
¤ CreateProcessWithLogonW(
¤ L"admin", // username
¤ NULL, // domain
¤ L"admin", // password
¤ 0, // logon flags
¤ NULL, // No application name (use command line)
¤ &command[0], // command line
¤ 0, // No creation flags.
¤ NULL, // Use parent's environment block.
¤ NULL, // Use parent's starting directory.
¤ &si, // Pointer to STARTUPINFO structure.
¤ &pi ) // Pointer to PROCESS_INFORMATION structure.
¤ )
¤
¤ This worked fine until Service Pack 2 was installed, now the call fails with
¤ 'Access is denied'. However, if i change the service to run as the same
¤ 'admin' account used in the Create.. call there is no problem. I'd rather
¤ not have to do this.
¤
¤ Anyone else had similar problems and know of a better (proper) solution??

Looks like this blurb was added to the function call doc:

"Windows XP SP2 and Windows Server 2003: You cannot call CreateProcessWithLogonW
from a process that is running under the LocalSystem account, because the
function uses the logon SID in the caller token, and the token for the
LocalSystem account does not contain this SID. As an alternative, use the
CreateProcessAsUser and LogonUser functions."


Paul
~~~~
Microsoft MVP (Visual Basic)
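
The alternative named in the quoted documentation, LogonUser followed by CreateProcessAsUser, shown in C as an added example that is not part of the thread or of Microsoft's documentation. `copy_cmdline` and `run_as_user` are hypothetical names, the 1024-character buffer is an arbitrary cap, and the Win32 part builds only on Windows (link with advapi32).

```c
/* Added example, not from the thread; function names are hypothetical. */
#include <stddef.h>
#include <wchar.h>

/* CreateProcessAsUserW can modify lpCommandLine, so it needs a writable
   buffer. Returns the length copied, or -1 if src is missing or too long. */
int copy_cmdline(wchar_t *dst, size_t cap, const wchar_t *src)
{
    size_t n;
    if (!dst || !src || cap == 0) return -1;
    n = wcslen(src);
    if (n >= cap) return -1;
    wmemcpy(dst, src, n + 1);            /* include the terminator */
    return (int)n;
}

#ifdef _WIN32
#include <windows.h>

/* Returns 0 on success, else the Win32 error of the step that failed. */
DWORD run_as_user(const wchar_t *user, const wchar_t *domain,
                  const wchar_t *password, const wchar_t *command)
{
    wchar_t cmd[1024];                   /* arbitrary cap for this example */
    HANDLE token = NULL;
    STARTUPINFOW si;
    PROCESS_INFORMATION pi;
    DWORD err = 0;

    if (copy_cmdline(cmd, sizeof cmd / sizeof cmd[0], command) < 0)
        return ERROR_INVALID_PARAMETER;
    ZeroMemory(&si, sizeof si);
    si.cb = sizeof si;
    ZeroMemory(&pi, sizeof pi);
    /* Step 1: obtain a primary token for the target account. */
    if (!LogonUserW(user, domain, password, LOGON32_LOGON_INTERACTIVE,
                    LOGON32_PROVIDER_DEFAULT, &token))
        return GetLastError();
    /* Step 2: start the process with that token instead of the caller's. */
    if (!CreateProcessAsUserW(token, NULL, cmd, NULL, NULL, FALSE, 0,
                              NULL, NULL, &si, &pi)) {
        err = GetLastError();
    } else {
        CloseHandle(pi.hThread);
        CloseHandle(pi.hProcess);
    }
    CloseHandle(token);
    return err;
}
#endif
```

For a local account pass L"." as the domain to LogonUser, and supply the password from a protected store rather than a literal compiled into the service. With lpDesktop left NULL the child inherits the service's window station and desktop, so the target account needs access to them if the program creates windows.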

