Re: Starting a new process, which has the same security permissions and the parent.

Tech-Archive recommends: Speed Up your PC by fixing your registry


"Phil Mc" <philip.mckee@xxxxxxxxxxxx> wrote in message
news:1133445465.241877.196420@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> Hi Willy, thanks for the comments...
> Admin on this server box are very reluctant to let me impersonate a
> logon account. I've looked at this already.
>
> I am at testing stage, and am starting the parent application by
> logging into the server box and running it manually. This is of course
> passing my privileges to the app. The strange thing is that when this
> parent app runs, it conducts all its file IO operations without any
> problems (this involves creating dirs, moving files etc.), BUT when
> this parent app starts these other child console applications, they are
> causing the exceptions. These same applications if run directly form a
> logon (as above), to the server, do not cause any problem.
> It has me baffled. I was wondering can I explicitly pass on a security
> context when starting the processes to run the child console
> applications.
> Cheers
>

Phil,

I would suggest you:
- turn-on security auditing for the file objects, and
- set the auditing policy (Local Policy Settings) to Audit object access
(enable both failure and success).
When done, you can try to run the application (both failing and working) and
watch the eventlog (security log) messages for both failures and success,
check who's the IO requestor and it's IO privileges.
If the identity of the IO requestor is not the same for both runs, it would
mean that one of the programs in the child - parent chain is impersonating.
Normaly the IO requestor should be the same as the account of the current
logon session.

Willy.



.

Relevant Pages

  • Re: Starting a new process, which has the same security permissions and the parent.
    ... logon account. ... logging into the server box and running it manually. ... this parent app starts these other child console applications, ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: Please help refresh my memory on AD DC
    ... When I boot my Laptop I reach the Logon screeen for XP Laptop and here ... admin account to be able to Login so I can control it from the DC. ... A domain user can by default logon to any domain computer, except Domain controllers. ... A Server has websites already hosted on it in a Workgroup and now I ...
    (microsoft.public.windows.server.active_directory)
  • Re: Logon Server Unavailable
    ... There are currently no logon servers available to service ... You use a office laptop to connect the office VPN, when you map a network ... you may receive this message: "This account is the ... The server is not configured for transactions"> "A domain controller for your domain could not be contacted" ...
    (microsoft.public.windows.server.dns)
  • Re: Logon Server Unavailable
    ... There are currently no logon servers available to service ... You use a office laptop to connect the office VPN, when you map a network ... you may receive this message: "This account is the ... The server is not configured for transactions"> "A domain controller for your domain could not be contacted" ...
    (microsoft.public.windows.server.networking)
  • RE: Problems with 529 Events
    ... attempting to logon on some services on the SBS server. ... and then click Account Lockout Policy. ...
    (microsoft.public.windows.server.sbs)