CreateProcessAsUser "loses" privileges, why?
- From: Stefan Kuhr <kustt110@xxxxxx>
- Date: Wed, 20 Apr 2005 22:08:12 +0200
Hello everyone,
I have a service (running in SYSTEM) that impersonates a client at a
server end of a named pipe. The client is a local administrator and has
the SE_DEBUG_NAME privilege granted. If I duplicate the impersonation
token in the service to make it a primary token and use it to create a
new process using CreateProcessAsUser, the SE_DEBUG_NAME privilege is
gone, i.e. I cannot even enable it anymore. Why is that? What can I do
to create a process with CPAU from the service running as the
impersonated user with the full set of privileges that the client has?
Note that this is not a restricted token that I create, it is just a
primary token created from an impersonation token, everything happens on
the same machine.
I can successfully enable the SE_DEBUG_NAME privilege within the service
using the primary token but somehow the process started via CPAU doesn't
get it and cannot enable it either.
Any help appreciated,
--
S
.
- Follow-Ups:
- Re: CreateProcessAsUser "loses" privileges, why?
- From: Pavel Lebedinsky
- Re: CreateProcessAsUser "loses" privileges, why?
- Prev by Date: Re: Send a message to a particular thread
- Next by Date: Re: Transparent File Access Requirement
- Previous by thread: Send a message to a particular thread
- Next by thread: Re: CreateProcessAsUser "loses" privileges, why?
- Index(es):
Relevant Pages
|
