Re: system user

Look for "Client impersonation" in the SDK documentation. The API you want is probably ImpersonateLoggedOnUser, though it might be a bit trickier if you're trying to do this from a kernel mode driver.

zengfeng wrote:
"have the LOCAL SYSTEM process impersonate that user ",this is my need.But
I don't know how to do ,can y tell me?
"Ray Trent" <ratrent@xxxxxxxxxxxxx>
??????:#kWFsuQQFHA.3704@xxxxxxxxxxxxxxxxxxxxxxx

The SYSTEM account has unlimited privileges (typically) on the local
machine, but it has no credentials at all on some other host out there
in the world, as far as I know. Hence it is usually referred to as the
LOCAL SYSTEM account (though now that I look I don't see anything like
that in the user namespace... instead it seems to be SYSTEM).

Theoretically you might be able to grant access to "<hostname>\\SYSTEM"
on the files that you want to access on the network, but a better
solution (especially in a domain) would be to have an actual user
account, very much preferably that of the user that is actually logged
in, and grant that account access. Then have the LOCAL SYSTEM process
impersonate that user when trying to access the file.

I'm guessing that the reasoning for not letting SYSTEM have access to
remote files is a security one. Since the SYSTEM account is the same no
matter what user is logged on (or what process is trying to gain
access), there's no way to track accesses to the file.

>I want to use zwCreateFile to open a network file in the system
process.but
>It 's always failed.I think it's caused by the privileges of system

user.

"Ray Trent" <ratrent@xxxxxxxxxxxxx>
??????:#xcTwNFQFHA.3076@xxxxxxxxxxxxxxxxxxxxxxx

Yes, that's typically the LOCAL SYSTEM account. And no, you can't modify
it's privileges significantly without screwing up the whole OS.

Once again, though: What are you *really* trying to accomplish by this?
There is no reason I can think of to want to do what you're asking...

zengfeng wrote:

When y open the task manager,y will see some thread which create by

system

user. I think It's created by OS.
"Pavel A." <pavel_a@xxxxxxxxxxxxxxx> дÈëÏûÏ¢ÐÂÎÅ
:275F6E9B-FC45-4F3F-9BE5-745AC245C6DE@xxxxxxxxxxxxxxxx


"zengfeng" wrote:


Does the privilege of system user can be modified?If can ,How to do

it

?

What is "system user" - Local System?

--




--
../ray\..




--
.../ray\..
.

Relevant Pages

  • Re: system user
    ... Look for "Client impersonation" in the SDK documentation. ... Hence it is usually referred to as the LOCAL SYSTEM account (though now that I look I don't see anything like that in the user namespace... ... Then have the LOCAL SYSTEM process impersonate that user when trying to access the file. ... I'm guessing that the reasoning for not letting SYSTEM have access to ...
    (microsoft.public.development.device.drivers)
  • Re: system user
    ... > Look for "Client impersonation" in the SDK documentation. ... >>>LOCAL SYSTEM account (though now that I look I don't see anything like ... Then have the LOCAL SYSTEM process ...
    (microsoft.public.development.device.drivers)
  • Re: Forms Authentication and Impersonation
    ... > I am trying to use impersonation for part of my site. ... > download them. ... The anonymous user will not have rights to the ... as long as you don't use the system account and set ...
    (microsoft.public.inetserver.iis.security)
  • Re: Using ImpersonateLoggedOnUser
    ... >using the .NET API, ... >> service in order to perform impersonation for the ... >> still using the local SYSTEM account, ... >> does not have access to printers (unless the registry is ...
    (microsoft.public.dotnet.framework)
  • Re: system user
    ... The SYSTEM account has unlimited privileges on the local machine, but it has no credentials at all on some other host out there in the world, as far as I know. ... Then have the LOCAL SYSTEM process impersonate that user when trying to access the file. ... I'm guessing that the reasoning for not letting SYSTEM have access to remote files is a security one. ...
    (microsoft.public.development.device.drivers)