CreateProcessAsUser doesn't work correctly in my experiments
I am trying to do the following:
1. I have logged in as an administrator account on my SP2 machine running VS.NET 2005.
2. This machine also has another account, user1, which is a guest account.
3. I run the program as Administrator; from this program, I want to start the notepad.exe process, which will run under the security context of user1.
4. I specifically want to use CreateProcessAsUser for this.
This is the code that will explain what I was trying.
    const string GRANTED_ALL = "10000000";
    const int LOGON32_LOGON_INTERACTIVE = 2;
    const int LOGON32_LOGON_NETWORK = 3;
    const int LOGON32_LOGON_BATCH = 4;
    const int LOGON32_LOGON_SERVICE = 5;
    const int LOGON32_LOGON_UNLOCK = 7;
    const int LOGON32_LOGON_NETWORK_CLEARTEXT = 8;
    const int LOGON32_LOGON_NEW_CREDENTIALS = 9;
    const int LOGON32_PROVIDER_DEFAULT = 0;
    static IntPtr hToken = IntPtr.Zero;
    static IntPtr hTokenDuplicate = IntPtr.Zero;

    static void Main(string[] args)
    {
        int last_error = 0;
        if (LogonUser("user1", null, "#welcome123",
            LOGON32_LOGON_INTERACTIVE,
            LOGON32_PROVIDER_DEFAULT, out hToken))
        {
            last_error = Marshal.GetLastWin32Error();
            PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
            STARTUPINFO si = new STARTUPINFO();
            SECURITY_ATTRIBUTES sa = new SECURITY_ATTRIBUTES();
            last_error = 0;
            last_error = Marshal.GetLastWin32Error();
            if (DuplicateTokenEx(hToken, UInt32.Parse(GRANTED_ALL, System.Globalization.NumberStyles.HexNumber),
                ref sa, SECURITY_IMPERSONATION_LEVEL.SecurityImpersonation,
                TOKEN_TYPE.TokenPrimary, out hTokenDuplicate))
            {
                last_error = 0;
                last_error = Marshal.GetLastWin32Error();
                CreateProcessAsUser(hTokenDuplicate, "d:\\san\\notepad.exe", null,
                    ref sa, ref sa, false, 0, IntPtr.Zero, "d:\\san", ref si, out pi);
                last_error = 0;
                last_error = Marshal.GetLastWin32Error();
            }
        }
        last_error = 0;
        last_error = Marshal.GetLastWin32Error();
        if (hToken != IntPtr.Zero) CloseHandle(hToken);
        if (hTokenDuplicate != IntPtr.Zero) CloseHandle(hTokenDuplicate);
    }
For some reason this doesn't work. The function DuplicateTokenEx returns error code 1305 and I cannot figure out why. Instead of DuplicateTokenEx I also used DuplicateToken; now CreateProcessAsUser returns error code 1308.
Can someone try to shed some light on this problem? It seems to be a very simple thing, but I just can't get it right. [Please note that I specifically want LogonUser, and then DuplicateToken, and then CreateProcessAsUser.]
See "CreateProcessAsUser() windows and desktops".
But I suggest doing it in a controlled way:
    ...
    using System.Diagnostics;
    using System.Security;
    ...
    ...
    string progPath = @"c:\WINNT\notepad.exe";
    ProcessStartInfo startInfo = new ProcessStartInfo(progPath);
    startInfo.WindowStyle = ProcessWindowStyle.Normal;
    startInfo.UseShellExecute = false;
    startInfo.UserName = "SomeUser";
    SecureString password = new SecureString();
    #region setting password
    password.AppendChar('p');
    password.AppendChar('a');
    ...
    #endregion
    startInfo.Password = password;
    Process.Start(startInfo);
    ...
    ...
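The managed approach from the answer above, as an added example that is not part of the original answer: it reads the password at run time instead of embedding it in the source, and reports the Win32 error code if the start fails. The names `RunAsUser` and `ReadPassword` and the command-line arguments are hypothetical; it assumes Windows and that the target user can read the executable's directory.

```csharp
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.IO;
using System.Security;

static class RunAsUser   // hypothetical name, not from the original page
{
    // Read a password from the console without echoing it; characters go
    // straight into the SecureString, never into a managed string.
    static SecureString ReadPassword(string prompt)
    {
        Console.Write(prompt);
        var password = new SecureString();
        ConsoleKeyInfo key;
        while ((key = Console.ReadKey(true)).Key != ConsoleKey.Enter)
        {
            if (key.Key == ConsoleKey.Backspace)
            {
                if (password.Length > 0) password.RemoveAt(password.Length - 1);
            }
            else if (!char.IsControl(key.KeyChar)) password.AppendChar(key.KeyChar);
        }
        Console.WriteLine();
        password.MakeReadOnly();
        return password;
    }

    static int Main(string[] args)
    {
        if (args.Length != 2) { Console.Error.WriteLine("usage: RunAsUser <user> <exe>"); return 2; }
        string exe = Path.GetFullPath(args[1]);
        using (SecureString password = ReadPassword("Password for " + args[0] + ": "))
        {
            var startInfo = new ProcessStartInfo(exe);
            startInfo.UseShellExecute = false;   // required when UserName/Password are set
            startInfo.UserName = args[0];
            startInfo.Password = password;
            // Without this the child starts in %SYSTEMROOT%\system32.
            startInfo.WorkingDirectory = Path.GetDirectoryName(exe);
            try
            {
                using (Process p = Process.Start(startInfo))
                    Console.WriteLine("Started PID {0} as {1}", p.Id, args[0]);
                return 0;
            }
            catch (Win32Exception ex)   // e.g. logon failure or access denied
            {
                Console.Error.WriteLine("Start failed, Win32 error {0}: {1}", ex.NativeErrorCode, ex.Message);
                return 1;
            }
        }
    }
}
```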