Using Restricted SIDs in CreateRestrictedToken causes CreateProcessAsUser to give error - "Application failed to initialize properly"
- From: "Jesh" <rajeshjangam@xxxxxxxxx>
- Date: 4 Sep 2006 22:06:55 -0700
Hi,
I am having a wierd requirement which says that:
When a user 'X' uses my application, he should not get access to some
drives and folders.
Normally, outside my application, he should get access to these
partitions and folders.
Or in other words, he should be restricted in my application.
I found one way of doing it using "CreateRestrictedToken".
Steps that I followed:
1. Created a restricted user account say 'Y'.
2. Added "Access Deny" ACE's for user 'Y' on the objects that were to
be restricted from my application.
3. Used CreateRestrictedToken to create a restricted token from the
access token of user 'X' by adding the SID of the user 'Y' in the
restricted SIDs list.
4. Used the restricted token in CreateProcessAsUser to launch my
application.
Here, CreateProcessAsUser is successfull in launching my application,
but, it fails to initialize with error - "Application Failed to
Initialize Properly".
Any Idea, why is this happening?
Thanks,
Rajesh
.
- Follow-Ups:
- Prev by Date: Re: authenticating usernmame/ password combination programmatically
- Next by Date: makefile and PSDK
- Previous by thread: Re: authenticating usernmame/ password combination programmatically
- Next by thread: Re: Using Restricted SIDs in CreateRestrictedToken causes CreateProcessAsUser to give error - "Application failed to initialize properly"
- Index(es):
Relevant Pages
|
