T
Tim
Hey,
I am seeing some really odd behavior in one of my applications. The
application is bascially a runas app with a few bells and whistles. In
it's purest form, though, it is very simple.
The parent process is a service, and runs as the System user. It then
calls my runas program, passing in user credentials. My program
performs a logonuser(), using an interactive logon (so I should have a
primary user token), then calls createprocessasuser().
The bahavior I am seeing:
The LogonUser call succeeds.
The CreateProcessAsUser() call succeeds.
I then call WaitForSingleObject on the processinfo,
then GetExitCodeProcess().
As long as the user I use with LogonUser is in the administrators
group, everything works fine. However, if I remove the user from the
administrators group, the exitcode that comes from GetExitCodeProcess
is always "6". Note, that the process I'm calling creates a logfile
when it starts up, and I *never* see the logfile. So it looks like
CreateProcessAsUser is not actually starting the process, even though
it returns with a success.
One more off behavior that I have duplicated only on one (non domain
member) machine. If I open a command window, and run a "runas
/user:testuser cmd.exe", I now have a cmd.exe window open as my user.
Same user I'm using in the app run by the service. Now, however, all
the sudden, my app being called by the service works. close the
cmd.exe window, and it starts giving me '6' again. I tried this on 2
machines that belonged to domains, and could not reproduce this
behavior.
I thought this might be something to do with the user hive not being
loaded, so I tried adding the LoadUserProfile, and
CreateEnvironmentBlock. Both those succeed, but still I get the error
code 6 for a non-administrator user.
Am I missing something?
Thanks, Tim
I am seeing some really odd behavior in one of my applications. The
application is bascially a runas app with a few bells and whistles. In
it's purest form, though, it is very simple.
The parent process is a service, and runs as the System user. It then
calls my runas program, passing in user credentials. My program
performs a logonuser(), using an interactive logon (so I should have a
primary user token), then calls createprocessasuser().
The bahavior I am seeing:
The LogonUser call succeeds.
The CreateProcessAsUser() call succeeds.
I then call WaitForSingleObject on the processinfo,
then GetExitCodeProcess().
As long as the user I use with LogonUser is in the administrators
group, everything works fine. However, if I remove the user from the
administrators group, the exitcode that comes from GetExitCodeProcess
is always "6". Note, that the process I'm calling creates a logfile
when it starts up, and I *never* see the logfile. So it looks like
CreateProcessAsUser is not actually starting the process, even though
it returns with a success.
One more off behavior that I have duplicated only on one (non domain
member) machine. If I open a command window, and run a "runas
/user:testuser cmd.exe", I now have a cmd.exe window open as my user.
Same user I'm using in the app run by the service. Now, however, all
the sudden, my app being called by the service works. close the
cmd.exe window, and it starts giving me '6' again. I tried this on 2
machines that belonged to domains, and could not reproduce this
behavior.
I thought this might be something to do with the user hive not being
loaded, so I tried adding the LoadUserProfile, and
CreateEnvironmentBlock. Both those succeed, but still I get the error
code 6 for a non-administrator user.
Am I missing something?
Thanks, Tim