Posted by Skywing on February 8, 2006, 10:10 am
It doesn't actually create a remote session.

It does create a new logon session (the token gets its own AuthenticationId
and all of the normal restrictions associated with a new logon session apply
to it, like ExitWindowsEx may not work as you might think and if you are
running on Windows XP or later, drive shares from the parent logon session
will not be visible).

All this function does is replace the *default remote credentials* used if
the token is used in conjunction with a remote machine. It doesn't even try
to validate the credentials when you call the function, so you could pass a
totally invalid username/password/domain and you wouldn't know that anything
went wrong until you actually tried to use that token to access some kind of
network resource that requires valid credentials.

> Hi,
> How does runas with a /netonly option create a login session? As per my
> understanding, a logon session is not created on the local machine when a
> /netonly option is used. Hence, I understand that whenever the process
> launched with /netonly option touches any network resource, a session is
> made upon that resource with the credentials specified in the runas
> command.
>
> What API/mechanism is used to create such a remote session? I know
> CreateProcessAsLogonW with LOGON_NETCREDENTIALS_ONLY option manages this,
> but my requirement is to do the similar thing without launching another
> process. I need this so that untrusted domain accounts can be used to run
> tasks without requiring a logon and impersonation on my local machine.
>
> Thanks in advance,
> Madhu
>
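
The behaviour described in the reply above, as an added example that is not part of the original post: it assumes the unnamed function is LogonUser called with LOGON32_LOGON_NEW_CREDENTIALS, and compares the AuthenticationId of the returned token with that of the current token. The `Demo.Native` wrapper, the `Get-AuthenticationId` helper and the account values are constructed for illustration.

```powershell
# P/Invoke declarations for the Win32 calls used below (Demo.Native is a hypothetical name).
Add-Type -Namespace Demo -Name Native -MemberDefinition @'
[StructLayout(LayoutKind.Sequential)]
public struct LUID { public uint LowPart; public int HighPart; }

[StructLayout(LayoutKind.Sequential)]
public struct TOKEN_STATISTICS {
    public LUID TokenId; public LUID AuthenticationId; public long ExpirationTime;
    public int TokenType; public int ImpersonationLevel;
    public uint DynamicCharged; public uint DynamicAvailable;
    public uint GroupCount; public uint PrivilegeCount; public LUID ModifiedId;
}

[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool LogonUserW(string user, string domain, string password,
    int logonType, int logonProvider, out IntPtr token);

[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool GetTokenInformation(IntPtr token, int infoClass,
    out TOKEN_STATISTICS info, int length, out int returnLength);

[DllImport("kernel32.dll")]
public static extern bool CloseHandle(IntPtr handle);
'@

# Returns the logon session LUID (AuthenticationId) that a token belongs to.
function Get-AuthenticationId([IntPtr]$Token) {
    $stats = New-Object 'Demo.Native+TOKEN_STATISTICS'
    $size = [Runtime.InteropServices.Marshal]::SizeOf($stats)
    $len = 0
    # 10 = TokenStatistics in TOKEN_INFORMATION_CLASS
    if (-not [Demo.Native]::GetTokenInformation($Token, 10, [ref]$stats, $size, [ref]$len)) {
        throw 'GetTokenInformation failed'
    }
    '0x{0:x}:0x{1:x}' -f $stats.AuthenticationId.HighPart, $stats.AuthenticationId.LowPart
}

# Constructed, deliberately invalid credentials: nothing checks them at this point.
$token = [IntPtr]::Zero
# 9 = LOGON32_LOGON_NEW_CREDENTIALS, 3 = LOGON32_PROVIDER_WINNT50
$ok = [Demo.Native]::LogonUserW('no-such-user', 'NO-SUCH-DOMAIN', 'wrong-password', 9, 3, [ref]$token)
"LogonUser returned: $ok"
if ($ok) {
    $current = [Security.Principal.WindowsIdentity]::GetCurrent()
    "Current token AuthenticationId: $(Get-AuthenticationId $current.Token)"
    "New token AuthenticationId:     $(Get-AuthenticationId $token)"
    [void][Demo.Native]::CloseHandle($token)
}
```

Where logon auditing is enabled, a logon of this kind is recorded in the Security log as event 4624 with logon type 9 (NewCredentials), which gives defenders a place to look for it.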