V
Vincent Finn
Hi,
I am calling an exe from a webservice
I was using CreateProcessWithLogon() but it doesn't seem to work (MSDN
says it is supported) I get ERROR_ACCESS_DENIED.
It works fine if I am using an XP
Are there permissions that must be set in Win2K to allow this function
to work?
I tried swapping to using LogonUser() and CreateProcessAsUser() but
again they work fine and XP and fail on Win2K
this time the error is ERROR_PRIVILEGE_NOT_HELD
The MSDN says that the user calling LogonUser() needs SE_TCB_NAME
privilege.
I tried setting this and failed (on both OS this time)
The code I am using is in VB.Net below.
Can anyone tell me what I am doing wrong?
Or is there a way to set this without coding i.e. User settings
somewhere?
Vin
private declare Auto Function OpenProcessToken lib "advapi32.dll"
(ByVal ProcessHandle as IntPtr, ByVal DesiredAccess as Integer, ByRef
TokenHandle as IntPtr) as Boolean
private Declare auto Function LookupPrivilegeValue Lib "advapi32.dll"
(lpSystemName As String, lpName As String, ByRef lpLuid As LUID) As
Boolean
private Declare Function AdjustTokenPrivileges Lib "advapi32.dll"
(ByVal TokenHandle As IntPtr, ByVal DisableAllPrivileges As Boolean,
ByRef NewState As TOKEN_PRIVILEGES, ByVal BufferLength As Integer,
ByVal PreviousState As IntPtr, ByVal ReturnLength As IntPtr) As
Boolean
Private Structure TOKEN_PRIVILEGES
public PrivilegeCount as Integer
' have tried variations on this parameter but none of them make
' a difference any array variant won't marshal
public Privileges as LUID_AND_ATTRIBUTES
end Structure
private Structure LUID_AND_ATTRIBUTES
Public Luid As LUID
Public Attributes As Integer
End Structure
private Structure LUID
Public LowPart As Integer
Public HighPart As Integer
End Structure
' Inside the Function
Dim hProc As IntPtr
dim hToken As IntPtr
Dim luid_TCB As LUID
Dim tp As New TOKEN_PRIVILEGES
' get the current process's token
hProc = Process.GetCurrentProcess().Handle
hToken = IntPtr.Zero
If Not OpenProcessToken(hProc, TOKEN_ADJUST_PRIVILEGES Or TOKEN_QUERY,
hToken) Then
throw new Exception(err.LastDllError)
End If
' get the LUID for the TCB privilege (provided it already exist)
luid_TCB.HighPart = 0
luid_TCB.lowPart = 0
If Not LookupPrivilegeValue(Nothing, SE_TCB_NAME, luid_TCB) Then
throw new Exception(err.LastDllError)
End If
tp.PrivilegeCount = 1
tp.Privileges.Luid = luid_TCB
tp.Privileges.Attributes = SE_PRIVILEGE_ENABLED
' enable the privileges
If Not AdjustTokenPrivileges(hToken, False, tp, 0, IntPtr.Zero,
IntPtr.Zero) Then
throw new Exception(err.LastDllError)
End If
dim errorCode as Integer
errorCode = err.LastDllError
' This will equal ERROR_NOT_ALL_ASSIGNED
I am calling an exe from a webservice
I was using CreateProcessWithLogon() but it doesn't seem to work (MSDN
says it is supported) I get ERROR_ACCESS_DENIED.
It works fine if I am using an XP
Are there permissions that must be set in Win2K to allow this function
to work?
I tried swapping to using LogonUser() and CreateProcessAsUser() but
again they work fine and XP and fail on Win2K
this time the error is ERROR_PRIVILEGE_NOT_HELD
The MSDN says that the user calling LogonUser() needs SE_TCB_NAME
privilege.
I tried setting this and failed (on both OS this time)
The code I am using is in VB.Net below.
Can anyone tell me what I am doing wrong?
Or is there a way to set this without coding i.e. User settings
somewhere?
Vin
private declare Auto Function OpenProcessToken lib "advapi32.dll"
(ByVal ProcessHandle as IntPtr, ByVal DesiredAccess as Integer, ByRef
TokenHandle as IntPtr) as Boolean
private Declare auto Function LookupPrivilegeValue Lib "advapi32.dll"
(lpSystemName As String, lpName As String, ByRef lpLuid As LUID) As
Boolean
private Declare Function AdjustTokenPrivileges Lib "advapi32.dll"
(ByVal TokenHandle As IntPtr, ByVal DisableAllPrivileges As Boolean,
ByRef NewState As TOKEN_PRIVILEGES, ByVal BufferLength As Integer,
ByVal PreviousState As IntPtr, ByVal ReturnLength As IntPtr) As
Boolean
Private Structure TOKEN_PRIVILEGES
public PrivilegeCount as Integer
' have tried variations on this parameter but none of them make
' a difference any array variant won't marshal
public Privileges as LUID_AND_ATTRIBUTES
end Structure
private Structure LUID_AND_ATTRIBUTES
Public Luid As LUID
Public Attributes As Integer
End Structure
private Structure LUID
Public LowPart As Integer
Public HighPart As Integer
End Structure
' Inside the Function
Dim hProc As IntPtr
dim hToken As IntPtr
Dim luid_TCB As LUID
Dim tp As New TOKEN_PRIVILEGES
' get the current process's token
hProc = Process.GetCurrentProcess().Handle
hToken = IntPtr.Zero
If Not OpenProcessToken(hProc, TOKEN_ADJUST_PRIVILEGES Or TOKEN_QUERY,
hToken) Then
throw new Exception(err.LastDllError)
End If
' get the LUID for the TCB privilege (provided it already exist)
luid_TCB.HighPart = 0
luid_TCB.lowPart = 0
If Not LookupPrivilegeValue(Nothing, SE_TCB_NAME, luid_TCB) Then
throw new Exception(err.LastDllError)
End If
tp.PrivilegeCount = 1
tp.Privileges.Luid = luid_TCB
tp.Privileges.Attributes = SE_PRIVILEGE_ENABLED
' enable the privileges
If Not AdjustTokenPrivileges(hToken, False, tp, 0, IntPtr.Zero,
IntPtr.Zero) Then
throw new Exception(err.LastDllError)
End If
dim errorCode as Integer
errorCode = err.LastDllError
' This will equal ERROR_NOT_ALL_ASSIGNED