Using ImpersonateLoggedOnUser

  • Thread starter Thread starter D
  • Start date Start date
D

D

We have a .NET application implemented as a Windows
service in order to perform impersonation for the purposes
of gaining access to various resources. We are using
ImpersonateLoggedOnUser() instead of the .NET
impersonation API.

Everything works fine except when we call an external COM
component that is supposed to print a report using its
internal API calls. We can access file resources, etc.

We perform impersonation to a valid administrator account,
yet the application fails to print (we wrote debugging
information to make sure that we are impersonating
properly).

The problem appears to be that the external process is
still using the local SYSTEM account, which by default
does not have access to printers (unless the registry is
modified - see http://support.microsoft.com/default.aspx?
scid=kb;en-us;184291). If the registry is modified to
allow printer access to the SYSTEM account, printing works
fine.

We do not want to have to modify the registry to allow
access to printers. Any idea why impersonation is failing
here?

Thanks in advance.
 
It depends on how exactly the print call is being made. If it invokes
another process, that process will run under the worker process account.
Bruce baker wrote some code to fix this issue in here a couple weeks ago
using the .NET API, have a google for it.

--
Regards
Alvin Bruney
[Shameless Author Plug]
The Microsoft Office Web Components Black Book with .NET
available at www.lulu.com/owc
 
Thanks for the reponse.

I was not able to find the code you are referring to. Do
you have more specific information on how to locate it?
-----Original Message-----
It depends on how exactly the print call is being made. If it invokes
another process, that process will run under the worker process account.
Bruce baker wrote some code to fix this issue in here a couple weeks ago
using the .NET API, have a google for it.

--
Regards
Alvin Bruney
[Shameless Author Plug]
The Microsoft Office Web Components Black Book with .NET
available at www.lulu.com/owc
--------------------------------------------------


We have a .NET application implemented as a Windows
service in order to perform impersonation for the purposes
of gaining access to various resources. We are using
ImpersonateLoggedOnUser() instead of the .NET
impersonation API.

Everything works fine except when we call an external COM
component that is supposed to print a report using its
internal API calls. We can access file resources, etc.

We perform impersonation to a valid administrator account,
yet the application fails to print (we wrote debugging
information to make sure that we are impersonating
properly).

The problem appears to be that the external process is
still using the local SYSTEM account, which by default
does not have access to printers (unless the registry is
modified - see http://support.microsoft.com/default.aspx?
scid=kb;en-us;184291). If the registry is modified to
allow printer access to the SYSTEM account, printing works
fine.

We do not want to have to modify the registry to allow
access to printers. Any idea why impersonation is failing
here?

Thanks in advance.
Click to expand...


.
Click to expand...
 
Back
Top