G
Guest
!!!Please Help!!!
The 'Impersonate a client after authentication' is a new Security Policy in
Win 2K SP4 and above. If not granted, it doesn't allow programs a user runs
to impersonate themselves, as admins for example. This is great and our
client wants this. However, this has broken one of our programs. Thus, I
tried to use CreateProcessWithLogonW function in this Visual Basic 6 program
to launch a process as an admin. However, in the function where I call
CreateProcessWithLogonW, it actually kicks out of my function right after
this call, no errors or anything, and doesn't launch the process. I have
been searching all over MSs web site and all over the web, I can't seem to
find out whether not having 'Impersonate a client after authentication' just
blocks impersonation or also blocks launching another program from within a
program with higher privilages, like admin. Also maybe I can grant this
permission in my code, not have to worry about launching another process. I
would have to change Windows security for this within my code when the
program is running as the current user, for the current user, who is not an
admin. Is this blocked too, if so, what can I do. I can use a Windows
Service to do all the work I need done by the program, which is simply
updating some program components, but then again, can I even run a service
from VB 6 code when the program is running as the current user who is not an
admin.
The 'Impersonate a client after authentication' is a new Security Policy in
Win 2K SP4 and above. If not granted, it doesn't allow programs a user runs
to impersonate themselves, as admins for example. This is great and our
client wants this. However, this has broken one of our programs. Thus, I
tried to use CreateProcessWithLogonW function in this Visual Basic 6 program
to launch a process as an admin. However, in the function where I call
CreateProcessWithLogonW, it actually kicks out of my function right after
this call, no errors or anything, and doesn't launch the process. I have
been searching all over MSs web site and all over the web, I can't seem to
find out whether not having 'Impersonate a client after authentication' just
blocks impersonation or also blocks launching another program from within a
program with higher privilages, like admin. Also maybe I can grant this
permission in my code, not have to worry about launching another process. I
would have to change Windows security for this within my code when the
program is running as the current user, for the current user, who is not an
admin. Is this blocked too, if so, what can I do. I can use a Windows
Service to do all the work I need done by the program, which is simply
updating some program components, but then again, can I even run a service
from VB 6 code when the program is running as the current user who is not an
admin.