Can I impersonate without the user logon token.

  • Thread starter Thread starter Joseph QIAO
  • Start date Start date
J

Joseph QIAO

Dear All,

Can I impersonate an account without logon use his/her username and
password. If there are any way to impersonate that user by some meaning of
superuser?

Thanks in advance for any help

Joe
 
from an application standpoint, yes you can when you have the TCB (system)
privelege and the system in trusted for delegation in Active Directory or in
2003 with constrained delegation. You can then impersonate the user and
perform functions in their security context. If you looking to impersonate
a user with an interactive logon and a superuser account, no you cannot do
that
 
Dear David,

Thanks very much for the information. About impersonate from the TCB
privelege, could you tell me the API and procedure to impersonate. I mean,
for example, in .Net environment, you may need to

1. Logon the user account to get a token.
2. Construct a WindowsIdentity instance.
3. Call the impersonate method to get the context.

But how can you do that with TCB priveleged applications.

Thanks again for the help.

Joe

David Cross said:
from an application standpoint, yes you can when you have the TCB (system)
privelege and the system in trusted for delegation in Active Directory or in
2003 with constrained delegation. You can then impersonate the user and
perform functions in their security context. If you looking to impersonate
a user with an interactive logon and a superuser account, no you cannot do
that

--


David B. Cross [MS]

--
This posting is provided "AS IS" with no warranties, and confers no rights.

http://support.microsoft.com

Joseph QIAO said:
Dear All,

Can I impersonate an account without logon use his/her username and
password. If there are any way to impersonate that user by some meaning of
superuser?

Thanks in advance for any help

Joe
Click to expand...
Click to expand...
 
Back
Top