Solved

Run a process as admin from a system account in Windows

Posted on 2008-11-03
3
621 Views
Last Modified: 2013-12-04
Hello experts,

I'm running a process under the system account, and I want it to run another process as another user (of course, supplying the username and password).

I'm using the CreateProcessWithLogonW API function, which works fine when my process runs with any account, but NOT under system account... When running on system account, GetLastErr returns 5 (ACCESS_IS_DENIED).

I've tried altering the dwLogonFlags parameter, but in both flags (LOGON_WITH_PROFILE and LOGON_NETCREDENTIALS_ONLY) it behaves the same...
0
Comment
Question by:Iys
  • 2
3 Comments
 
LVL 6

Expert Comment

by:ChristianWimmer
ID: 22866668
The CreateProcessWithLogonW function does not work in a SYSTEM account. It is a "known" bug. However you can user LogonUser and CreateProcessAsUser from your service like here:

http://www.experts-exchange.com/Programming/System/Windows__Programming/Q_20687952.html?sfQueryTermInfo=1+createprocessasus

0
 

Author Comment

by:Iys
ID: 22875169
OK... not very successful:
The LogonUser func failed with the LOGON32_LOGON_BATCH logon type (as well as LOGON32_LOGON_SERVICE), and all other logon types makes the CreateProcessAsUser function fail.
The LOGON32_LOGON_NEW_CREDENTIALS logon type is the only logon type not failing the child process creation, but the child process runs under SYSTEM account again!...
0
 
LVL 6

Accepted Solution

by:
ChristianWimmer earned 500 total points
ID: 22875253
Oh I did not see that this example uses another logon type. You should use LOGON32_LOGON_INTERACTIVE .
In a service you also need to set the token session ID using SetTokenInformation, because users may run in another session than the service (vista).

0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How to convert MFC APP to Win32 APP. 19 68
computer science syllabus 3 70
String manipulation in Visual Basic 7 58
What are the big features of MVC5? 4 72
What my article will show is if you ever had to do processing to a listbox without being able to just select all the items in it. My software Visual Studio 2008 crystal report v11 My issue was I wanted to add crystal report to a form and show…
Whether you've completed a degree in computer sciences or you're a self-taught programmer, writing your first lines of code in the real world is always a challenge. Here are some of the most common pitfalls for new programmers.
The viewer will learn how to pass data into a function in C++. This is one step further in using functions. Instead of only printing text onto the console, the function will be able to perform calculations with argumentents given by the user.
The viewer will learn additional member functions of the vector class. Specifically, the capacity and swap member functions will be introduced.

930 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now