• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 829
  • Last Modified:

WinXp SP2 problem with RunAs from Nt Service

Hi Experts,

I Found this code for launch  an application with other user rigths:

unit Unit1;

interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, StdCtrls;

type
  TForm1 = class(TForm)
    Launch: TButton;
    App: TEdit;
    Usuario: TEdit;
    Password: TEdit;
    Parametro: TEdit;
    procedure LaunchClick(Sender: TObject);
  private
    { Private declarations }
  public
    { Public declarations }
  end;


function CreateProcessWithLogonW(

  lpUserName: PWideChar;
  lpDomain: PWideChar;
  lpPassword: PWideChar;
  dwLogonFlags: DWORD;
  lpApplicationName: PWideChar;
  lpCommandLine: PWideChar;
  dwCreationFlags: DWORD;
  lpEnvironment: Pointer;
  lpCurrentDirectory: PChar;
  const lpStartupInfo: TStartupInfo;
  var lpProcessInformation: TProcessInformation
  ): BOOL; stdcall;

Function RunAs(Username, Password, Command,Parameter: String): integer;




var
  Form1: TForm1;

implementation

{$R *.dfm}

function CreateProcessWithLogonW; external advapi32 name 'CreateProcessWithLogonW';


function PerformLogon(const User, Domain, Password: String): Cardinal;
begin
      if NOT LogonUser(pChar(User), pChar(Domain), pChar(Password),
             LOGON32_LOGON_NETWORK,
             LOGON32_PROVIDER_DEFAULT,
             Result) then
      RaiseLastWin32Error;
end;



Function RunAs(Username, Password, Command, Parameter: String): integer;
Var
  si: TStartupInfo;
  pi: TProcessInformation;
  pUser, pPass, pDomain, pProgram,pParameter: array [0..255] of WChar;
  LastError: DWORD;
  ResultString: String;
Begin
  ZeroMemory(@si, SizeOf(si));
  si.cb:=SizeOf(si);
  ZeroMemory(@pi, SizeOf(pi));

  StringToWideChar(UserName, pUser, 255);
  StringToWideChar(PassWord, pPass, 255);
  StringToWideChar('', pDomain, 255);
  StringToWideChar(Command, pProgram, 255);
  StringToWideChar(Command+' '+Parameter, pParameter, 255);

  CreateProcessWithLogonW(
    pUser,
    pDomain,
    pPass,
    1, //LOGON_WITH_PROFILE,
    nil,
    pParameter,
    CREATE_DEFAULT_ERROR_MODE or CREATE_NEW_CONSOLE or
    CREATE_NEW_PROCESS_GROUP  or CREATE_SEPARATE_WOW_VDM,
    nil,
    nil,
    si,
    pi
   );
  LastError:=GetLastError;
 Case LastError of
   0:    ResultString:='Success!';
   86:   ResultString:='Wrong password';
   1326: ResultString:='Wrong username or password';
   1327: ResultString:='Logon failure?user account restriction';
   13850: ResultString:='Logon failure?the user has not been granted the requested logon type at this computer.';
   2:    ResultString:='File not found';
   5:    ResultString:='Access denied';
 else
   ResultString:='Error '+IntToStr(LastError);
 end;
 ShowMessage(ResultString);
 Result:=LastError;
End;



procedure TForm1.LaunchClick(Sender: TObject);
begin
    RunAs(Usuario.Text,Password.Text,App.Text,Parametro.Text);
end;

end.



Ok, this function "RunAs"  works fine on win2k,XP sp1 from application or calling from Nt Service, but my problem is that this function works in XP SP2 from an application but from Nt Service this doesn't works any more, the result error is "Access denied" and I need call this function from Nt Service in XP SP2 :( .


Please helpme how to use this function On this OS.

thanks in advance.
0
MauricioGaviria
Asked:
MauricioGaviria
  • 2
1 Solution
 
geobulCommented:
Hi,

This sounds like SP2 has changed some default settings in local security policy (perhaps in User Right Assignment) compared to the previous versions. There are such differences between 2000 and XP(SP1) for sure. I hope that you're using the same service settings (account) in all environments.

Try changing the account your service is logging in to your own account and see if it will work.

Regards, Geo
0
 
geobulCommented:
Without any feedback it's difficult to say anything. Usually if something works as a normal app but fails as a service then the problem is in the account that service is logging in. Changing it to an account with the correct permissions solves the issue.

Regards, Geo
0
 
moduloCommented:
PAQed with no points refunded (of 500)

modulo
Community Support Moderator
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now