Re: How to raise rights...

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

Eugene,

the code is appended...

When I logon as LOGON_NETWORK, the code issues

ERROR: RegOpenKeyEx() failed: 'Class does not exist. (00000583)'

When I use LOGON_INTERACTIVE instead, no error is issued. So there IS a
difference. LOGON_NETWORK does not let me access the local registry?

Christian

-----------

if (UtilSetupLogonImpersonatedUser(argv[1],argv[2],NULL,"Hallo","Welt",NULL)
== 0) // LogonUser...
{
UtilSetupImpersonateUser(NULL,TRUE); // Impersonate...
{
HKEY hBase;
LONG lRes;

lRes =
RegOpenKeyEx(HKEY_LOCAL_MACHINE,"Software",0,KEY_QUERY_VALUE|KEY_ENUMERATE_SUB_KEYS|KEY_CREATE_SUB_KEY,&hBase);

if (lRes != ERROR_SUCCESS)
{
printf("ERROR: RegOpenKeyEx() failed:
'%s'\n",(LPCTSTR)String::GetLastError());
}
else
{
HKEY hSub;
DWORD dwDisp;

lRes =
RegCreateKeyEx(hBase,"combit",0,"",REG_OPTION_NON_VOLATILE,KEY_ALL_ACCESS,NULL,&hBase,&dwDisp);

if (lRes != ERROR_SUCCESS)
{
printf("reg create error: '%s'\n",(LPCTSTR)String::GetLastError());
}
else
{
RegCloseKey(hSub);
}

RegCloseKey(hBase);
}
}
UtilSetupImpersonateUser(NULL,FALSE); // RevokeToSelf
UtilSetupLogoffImpersonatedUser(); // CloseHandle
}


"Eugene Gershnik" <gershnik@xxxxxxxxxxx> wrote in message
news:uK8bOWlgFHA.2424@xxxxxxxxxxxxxxxxxxxxxxx
> Christian Kaiser wrote:
>> I cannot use the SSPI login that you suggest, as LOGON_NETWORK does
>> not give me the right to write into HKEY_LOCAL_MACHINE (at least my
>> test say so). Especially when I start an OLE server to register
>> itself ("app.exe /register"), I need LOGON_INTERACTIVE, I guess.
>
> Logon type has (almost) nothing to do with rights. Unless somebody
> specifically denied access to "Network" in a DACL there shouldn't be any
> difference. The simplest check is to use regedit remotely ("Connect
> network
> registry"). If it allows you to change relevant keys the netwrok logon on
> a
> local box should be as good.
> Most likely you had some other kind of problem.
>
>> OK, let me rewrite my question :))) If the admin token is the current
>> token of a thread, and CreateProcess is called in that thread, may I
>> assume the new process inherits that token?
>
> Yes. That's how all these runas, cmdasuser etc. work.
>
> --
> Eugene
> http://www.gershnik.com
>
>
>
>


.

Relevant Pages

  • RE: Domain List could not point to new domain automatically
    ... I found that the below registry ... items are related to the cache logon domain. ... Microsoft Online Partner Support ... | migration from old domain to ...
    (microsoft.public.windows.server.migration)
  • Re: windows client cant start completely...get blank desktop and no icons, start button, task bar, e
    ... Can you access the registry remotely from another workstation or the ... "Logon to the problematic client as a user who can logon to other ... Logon to a working client as the user who encountered the problem. ... not supported in newsgroup support. ...
    (microsoft.public.windows.server.sbs)
  • RE: Events 40960 & 40961
    ... the user etchee attempts to logon from workstation WS1, ... other users that can do so fine from this workstation. ... What am I looking for in the winlogon and userenv logging? ... Start Registry Editor. ...
    (microsoft.public.windowsxp.general)
  • Re: default domain display at logon
    ... It does matter when you change the registry. ... will be in the admt migration code anyway. ... Putting this in the logon script does not really help us, ... ADMT cannot change the default logon domain of the workstations. ...
    (microsoft.public.windows.server.migration)
  • Re: Forcing Ctrl+Alt+Del in registry.....DisableCAD
    ... manually go into the registry and use that tweak to do what i wanted. ... laptops to require a Ctrl+Alt+Del logon. ... I did this on three machines and still had no luck forcing a ... all of this can be done through the local group policy. ...
    (microsoft.public.windowsxp.general)