Re: Change process user for app in VB 6

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Lejnon (Lejnon_at_discussions.microsoft.com)
Date: 01/11/05 

Date: Mon, 10 Jan 2005 23:03:01 -0800

Thank You Philippe for Your response.

I`m already using almoust the same code, but as I wrote, I`m working under
Windows 2000, and under 2000 LogOnUser requires 'Act as part of opperating
system' privilege (Default this privilege is held only by Local System). Code
that You write for me should works under XP without any problems but under
2000 I get all the time the same error: 1314 ("A required privilege is not
held by the client.") When I`m starting this code form service it works - but
here new problem appears - user must have privileges required to start
services.

I`m asking about "connect as" window in explorer becouse it looks like it
doesn`t require any additional privileges to change its user.

Mark

"Philippe Halet" wrote:

> Try this piece of code, I think it must works:
>
> Option Explicit
>
> ' Constants used by LogonUser
> Const LOGON32_PROVIDER_DEFAULT As Long = 0&
> Const LOGON32_PROVIDER_WINNT35 As Long = 1&
> Const LOGON32_LOGON_INTERACTIVE As Long = 2&
> Const LOGON32_LOGON_NETWORK As Long = 3&
> Const LOGON32_LOGON_BATCH As Long = 4&
> Const LOGON32_LOGON_SERVICE As Long = 5&
>
> Public Declare Function LogonUser Lib "advapi32.dll" _
> Alias "LogonUserA" (ByVal lpszUsername As String, _
> ByVal lpszDomain As String, ByVal lpszPassword As String, _
> ByVal dwLogonType As Long, ByVal dwLogonProvider As Long, _
> phToken As Long) As Long
> Public Declare Function ImpersonateLoggedOnUser Lib "advapi32.dll" (ByVal
> hToken As Long) As Long
> Public Declare Function RevertToSelf Lib "advapi32.dll" () As Long
> Public Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long)
> As Long
>
> Private Function LogonInternal(ByVal strAdminUser As String, ByVal _
> strAdminPassword As String, _
> ByVal strAdminDomain As String) As Boolean
> Dim lngTokenHandle, lngLogonType, lngLogonProvider As Long
> Dim blnResult As Boolean
>
> LogonInternal = False
>
> lngLogonType = LOGON32_LOGON_INTERACTIVE
> lngLogonProvider = LOGON32_PROVIDER_DEFAULT
>
> blnResult = RevertToSelf()
>
> blnResult = LogonUser(strAdminUser, strAdminDomain, strAdminPassword, _
> lngLogonType, lngLogonProvider, _
> lngTokenHandle)
> If blnResult = False Then
> MsgBox "Error during logon"
> Exit Function
> End If
>
> blnResult = ImpersonateLoggedOnUser(lngTokenHandle)
>
> If Not blnResult = True Then
> MsgBox "Unable to become " + strAdminUser
> Exit Function
> End If
>
> LogonInternal = True
>
> End Function
>
> '***************************************************************************
> ******
> ' Logon dans le user spécifique BEEDocs
> '***************************************************************************
> ******
> Public Function Logon() As Boolean
>
> If m_BEEDocsUser <> "" Then
>
> Logon = LogonInternal(m_BEEDocsUser, m_BEEDocsPwd, m_BEEDocsDomain)
>
> Else
>
> Logon = True
>
> End If
>
> End Function
>
> '***************************************************************************
> ******
> ' Déconnexion du user spécifique BEEDocs
> '***************************************************************************
> ******
> Public Sub Logoff()
> Dim blnResult As Boolean
>
> If m_BEEDocsUser <> "" Then
>
> blnResult = RevertToSelf()
>
> End If
>
> End Sub
>
>
> "Lejnon" <Lejnon@discussions.microsoft.com> wrote in message
> news:69644AA8-98DC-4ADE-B8E9-F49C3B2A00B5@microsoft.com...
> > I`m writing VB aplication that requires to change it`s process user after
> > typeing proper user name and password.
> > Very impotrant to me is allow this option to every user without any
> > additional privileges. I`ve tried with LogOnUser but under 2000 it
> requires
> > 'act as part of opperating system' privilege and I don`t want to give it
> to
> > every user. Another inportant thing - this should be the same process
> > assigned to another user, so Runas, CreateProcessWithLogon, CreateProcess
> > API etc. are not good for me(I think - maby I`m wrong). As I know, every
> > Token function requires some additional privileges so...
> > I`ve already done it by using service running under Local System and
> > restarting my app under local system user, but it requires user to have
> > privileges to services:(.
> >
> > I want to do this like "Connect as" window in explorer. How it is working
> > and what kind of functions it uses or any ideas how to solve my problem?
> >
> > Thanks
>
>
>

Relevant Pages

  • Re: WindowsIdentity.Impersonate() vs ImpersonateLoggedOnUser()
    ... So LogonUser, ImpersonateLoggedOnUser and RevertToSelf ... On Windows 2000 Professional the code fails at LogonUser with error ... Windows 2000 needs the "Act as part of the operating system" privilege ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: How to Validate User Credentials on Windows 2000 OS?
    ... On the other hand, in Windows 2000, LogonUser requires this privilege. ... The net result is that you cannot use LogonUser on Windows 2000 except from the code running as LocalSystem. ... it answers exactly your question: how to validate user credentials in Windows 2000. ...
    (microsoft.public.platformsdk.security)
  • Re: Detecting Admin Privileges Via Code
    ... I didn't bother checking in my code to see if I had SE_TCB_NAME privilege, I just called LogonUser. ... As a result, when Windows 2003 came out, and didn't have that restriction, my code just plain worked exactly the same. ... Woodinville WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers. ...
    (microsoft.public.security)
  • Re: CreateProcessAsUser Doubt
    ... I have a problem with windows 2000. ... I need to execute this program to give SE_TCB_NAME privilege to execute ... LogonUser and become administrator user. ...
    (microsoft.public.platformsdk.security)