Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Run a process as admin from a system account in Windows

Posted on 2008-11-03
3
Medium Priority
?
627 Views
Last Modified: 2013-12-04
Hello experts,

I'm running a process under the system account, and I want it to run another process as another user (of course, supplying the username and password).

I'm using the CreateProcessWithLogonW API function, which works fine when my process runs with any account, but NOT under system account... When running on system account, GetLastErr returns 5 (ACCESS_IS_DENIED).

I've tried altering the dwLogonFlags parameter, but in both flags (LOGON_WITH_PROFILE and LOGON_NETCREDENTIALS_ONLY) it behaves the same...
0
Comment
Question by:Iys
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 6

Expert Comment

by:ChristianWimmer
ID: 22866668
The CreateProcessWithLogonW function does not work in a SYSTEM account. It is a "known" bug. However you can user LogonUser and CreateProcessAsUser from your service like here:

http://www.experts-exchange.com/Programming/System/Windows__Programming/Q_20687952.html?sfQueryTermInfo=1+createprocessasus

0
 

Author Comment

by:Iys
ID: 22875169
OK... not very successful:
The LogonUser func failed with the LOGON32_LOGON_BATCH logon type (as well as LOGON32_LOGON_SERVICE), and all other logon types makes the CreateProcessAsUser function fail.
The LOGON32_LOGON_NEW_CREDENTIALS logon type is the only logon type not failing the child process creation, but the child process runs under SYSTEM account again!...
0
 
LVL 6

Accepted Solution

by:
ChristianWimmer earned 2000 total points
ID: 22875253
Oh I did not see that this example uses another logon type. You should use LOGON32_LOGON_INTERACTIVE .
In a service you also need to set the token session ID using SetTokenInformation, because users may run in another session than the service (vista).

0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

What my article will show is if you ever had to do processing to a listbox without being able to just select all the items in it. My software Visual Studio 2008 crystal report v11 My issue was I wanted to add crystal report to a form and show…
Entering time in Microsoft Access can be difficult. An input mask often bothers users more than helping them and won't catch all typing errors. This article shows how to create a textbox for 24-hour time input with full validation politely catching …
The goal of the video will be to teach the user the concept of local variables and scope. An example of a locally defined variable will be given as well as an explanation of what scope is in C++. The local variable and concept of scope will be relat…
The goal of the video will be to teach the user the difference and consequence of passing data by value vs passing data by reference in C++. An example of passing data by value as well as an example of passing data by reference will be be given. Bot…

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question