Re: "Access denied" while trying to change a service priorityclass

Tech-Archive recommends: Fix windows errors by optimizing your registry

I see what you are saying now.

Getting the user that the process executes under doesn't guarantee that
you will have rights to elevate the priority of the process. I don't know
if the LocalService account does (it's easy enough to check though, create a
service to run under the LocalService account and see if you can elevate
your own priority).

Impersonating the local service seems to be a little more difficult, and
is laid out here:

http://geek.hubkey.com/2008/02/impersonating-built-in-service-account.html

If the LocalService account doesn't allow this, then you have to run the
program attempting to elevate the process under an account that does have
the appropriate permissions.


--
- Nicholas Paldino [.NET/C# MVP]
- mvp@xxxxxxxxxxxxxxxxxxxxxxxxxxx


"muradjames" <muradjames@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:6343D768-CB1E-4A1B-9A3A-B7A6F438C344@xxxxxxxxxxxxxxxx
Yes, sorry I tried to make it clear in the original question that I want
to
get the user token of the service - ie. the account the service is running
under. I know services don't have user tokens - I suspect users do have
tokens, hence "user token", otherwise we might call them "service tokens"
or
somesuch :-)

If you read the question again, you migh see that the fundamental question
is, *assuming there is no other approach*:

The service runs as "Local System" - can I impersonate the "Local System"
account?

I don't believe that "logonuser" can help with this.

What I was trying to demonstrate with the code is that I can get the
process
that the service is running as - I just cannot get its user token.

Is there anyone here who can understand my original question and have a go
at answering it? I would be grateful for any assistance.

"Nicholas Paldino [.NET/C# MVP]" wrote:

Well, you would want to get the token of a user that has the
appropriate
rights to change the priority of the class.

There is no such thing as the user token of the service. The service
runs under a user account, and that user is the one assocaited with the
process/thread.

If you don't have the appropriate permissions then you need to have
the
service run under a user account that has permissions (in which case,
none
of this is necessary), or call the LogonUser API function through the
P/Invoke layer, passing the username and password of the user you want to
impersonate, then use the user token returned from LogonUser to pass to
the
Impersonate method (the documentation for the Impersonate method should
have
an example of how to call LogonUser).

It should be noted that changing the priority of any process is
generally a bad idea.


--
- Nicholas Paldino [.NET/C# MVP]
- mvp@xxxxxxxxxxxxxxxxxxxxxxxxxxx

"muradjames" <muradjames@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:28CFB03C-52F5-452A-A3BF-67208C60C689@xxxxxxxxxxxxxxxx
I have a service running on my PC. I want to set the service's
PriorityClass
to BelowNormal. I use the following code:

Process process = GetServiceProcess();

// How can I get the user's token (Local System) from
the
process, or wherever?

using (WindowsImpersonationContext user =
WindowsIdentity.Impersonate(userToken))
{
process.PriorityClass =
Settings.Default.servicePriority;
}

Clearly, this cannot work - I need the userToken.

So, my questions are:

1) Is this the correct approach? I am assuming that the "access denied"
is
caused by the fact that my application is running as one user, and the
service is running as local system so I cannot change it? My approach
is
to
impersonate the local system user while I change the priority class.

2) If this is correct, how can I get the user token *of the service*
(i.e.
the Local System token) so that I can impersonate it?

I am using .Net 3.5, by the way...any help gratefully accepted!!!



.

Relevant Pages

  • Re: "Access denied" while trying to change a service priorityclass
    ... The funny thing is that I can lower the priority class for ... the priority class of the service? ... service to run under the LocalService account and see if you can elevate ... I know services don't have user tokens - I suspect users do have ...
    (microsoft.public.dotnet.languages.csharp)
  • "Access denied" while trying to change a service priorityclass
    ... get the user token of the service - ie. the account the service is running ... I know services don't have user tokens - I suspect users do have ... Impersonate method (the documentation for the Impersonate method should have ... // How can I get the user's token (Local System) from the ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: Boss wants a "secret" mail account
    ... priority account, it has the same header as his regular account. ... set up another exchange account with the 'priority' username. ...
    (microsoft.public.exchange.admin)
  • Re: Boss wants a "secret" mail account
    ... priority account, it has the same header as his regular account. ... Set up a second mail box for your boss and assign rights. ... Boss gives important customer his "priority" address. ...
    (microsoft.public.exchange.admin)
  • Re: [patch] CFS (Completely Fair Scheduler), v2
    ... Ingo Molnar wrote: ... rq->nr_running in calculating fair_clock? ... This would take the nice value (or RT priority) of the other tasks into account when determining what's fair. ...
    (Linux-Kernel)