impersonation win2000 to XP

Grei

How can I impersonate from Win2000 to WinXP?
MSDN gives an example of how to implement impersonation from XP to XP, but not from
Win2000 to XP, and it doesn't say what to do with Win2000!!!
Any ideas?
Workarounds?
Thanx!


// This sample demonstrates the use of the WindowsIdentity class to impersonate a user.
// IMPORTANT NOTES:
// This sample can be run only on Windows XP. The default Windows 2000 security policy
// prevents this sample from executing properly, and changing the policy to allow
// proper execution presents a security risk.

ms-help://MS.VSCC.2003/MS.MSDNQTR.2003FEB.1033/cpref/html/frlrfSystemSecurityPrincipalWindowsIdentityClassImpersonateTopic.htm
 
Willy Denoyette [MVP]

Run the "local policy editor" and add the user account running your code to
the list of accounts having 'act as part of the operating system' user
right.
But before you do this think about the security implications, and try to
solve your 'problem' without a need to impersonate.
Willy.
 
Grei

I really need impersonation, and can't afford such a security hole.
Can I use any COM library?
Was it possible before .NET?
 
Willy Denoyette [MVP]

Grei said:
I really need impersonation, and can't afford such a security hole.
Can I use any COM library?
Was it possible before .NET?

This has nothing to do with .NET.
It's always been like this on Windows OS prior to XP and W2K3. On NT4 and
W2K, only the SYSTEM account (LocalSystem) has this privilege (call
LogonUser) by default.
Just curious, why do you need to impersonate?
All depends on what exactly you want to achieve, possibly you can use
System.EnterpriseServices to run your code in the security context hosted
environment (COM+).


Willy.
 
Grei

I want to copy a file from a computer that is on the domain to a computer outside of
the domain.
When trying to access a shared directory on the comp outside the domain, auth. is
required.
 
Willy Denoyette [MVP]

Grei said:
I want to copy a file from a computer that is on the domain to a computer outside
of the domain.
When trying to access a shared directory on the comp outside the domain, auth. is
required.

If my understanding is correct, you simply have to copy a file from a
domain member server called A to a non-domain member called B, right?
In that case you DON'T have to impersonate, you have to establish a network
logon session using the alternate credentials valid on B.
Network logon sessions are best created from the command line or from a
logon script.
Say you are interactively logged on to A as user Grei and you need a network
logon session as user Alice with B. The following command:

net use \\B\sharename alicesPwd /user:B\alice

establishes a network logon session for user 'Grei' on A with server B using
Alice's credentials to access/read/write the folders/files on B.
This command can be placed in a logon script that executes when Grei logs
on.
It's also possible to create a network logon session from your code using
PInvoke to call Win32 API NetUseAdd, but this is only needed when you have
to establish a network logon session for a non interactive logon session (a
Windows service for instance).

Willy.
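
The NetUseAdd route mentioned in the reply above, as an added example that is not part of the original thread: it opens a deviceless connection to the share with the alternate credentials, copies the file, and removes the connection again so the credentials do not stay attached to the logon session. The class name ShareSession, the SHARE_PWD environment variable and the local file path are assumptions; \\B\sharename and B\alice are the names used in the reply.

```csharp
using System;
using System.ComponentModel;
using System.IO;
using System.Runtime.InteropServices;

// Added example: network logon session to \\B\sharename via NetUseAdd,
// torn down on Dispose. No impersonation and no extra privilege is involved.
sealed class ShareSession : IDisposable
{
    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    struct USE_INFO_2
    {
        public string ui2_local, ui2_remote, ui2_password;
        public uint ui2_status, ui2_asg_type, ui2_refcount, ui2_usecount;
        public string ui2_username, ui2_domainname;
    }

    [DllImport("netapi32.dll", CharSet = CharSet.Unicode)]
    static extern uint NetUseAdd(string server, uint level, ref USE_INFO_2 buf, out uint parmErr);
    [DllImport("netapi32.dll", CharSet = CharSet.Unicode)]
    static extern uint NetUseDel(string server, string useName, uint force);

    readonly string remote;
    public ShareSession(string unc, string domain, string user, string password)
    {
        if (password == null) throw new ArgumentNullException("password");
        USE_INFO_2 ui = new USE_INFO_2();
        ui.ui2_remote = unc;            // ui2_local left null: no drive letter is mapped
        ui.ui2_domainname = domain;
        ui.ui2_username = user;
        ui.ui2_password = password;
        ui.ui2_asg_type = 0;            // USE_DISKDEV
        uint parmErr;
        uint rc = NetUseAdd(null, 2, ref ui, out parmErr);   // level 2 = USE_INFO_2
        if (rc != 0) throw new Win32Exception((int)rc);      // e.g. 1326 = logon failure
        remote = unc;
    }
    public void Dispose() { NetUseDel(null, remote, 0); }    // 0 = USE_NOFORCE
}

static class Program
{
    static void Main()
    {
        // Assumption: the password is supplied outside the source (environment variable).
        string pwd = Environment.GetEnvironmentVariable("SHARE_PWD");
        using (new ShareSession(@"\\B\sharename", "B", "alice", pwd))
            File.Copy(@"C:\data\report.txt", @"\\B\sharename\report.txt", true);
    }
}
```

If the logon session already has a connection to B under different credentials, NetUseAdd fails with error 1219 and the existing connection has to be removed first.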
 
Grei

Thank you very much!
I really appreciate your help.
This sounds like the solution to my problem, I'll have a chance to test it on
Monday.
Thanx again man!
 
