none
Impersonation And UAC

    Question

  • I'm attempting to replicate a registry hive from my service.  My service runs as local system and uses stored credentials to impersonate a domain admin.

     

    All works GREAT unless, UAC is running which results in the service being able to read the REMOTE registry but being unable to write to the local one.  I'm guessing that that is because the thread is currently running as the impersonated user.   Of course, after calling RevertToSelf, I can write all the live long day.

     

    Now....since I'm using a nice clean recursive function to replicated an entire hive, I REALLY don't want it switching contexts for reading the remote hive and writing to the local one, so I'm hoping that maybe I'm missing something simple.

     

    Here is my current service code (error processing code removed)

    BOOL bResult = LogonUser(m_userName, m_domainStr, m_password, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, &userHandle);

    bResult = ImpersonateLoggedOnUser(userHandle);

     

    I tried the duplicateTokenEx route too...same result

    BOOL bResult = LogonUser(m_userName, m_domainStr, m_password, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, &userHandle);

    HANDLE hPrivTokenImperson;

    DuplicateTokenEx( userHandle, TOKEN_QUERY | TOKEN_IMPERSONATE, NULL, SecurityImpersonation, TokenImpersonation, & hPrivTokenImperson )

    SetThreadToken( NULL, hPrivTokenImperson )

     

     

    Please, what am I missing?

     

    thanks,

     

    Gene

    Tuesday, August 12, 2008 7:11 PM

All replies

  • Hi,

    Did you resolve the issue above from last year? I've just hit similar situation in which when UAC is on, and I impersonate a domain user, I get no access to local files anymore, although both the domain user and the local system account have access to the resource (an assembly file I am trying to load).
    The user logged in the assembly binding log (fusion) appears as "Unknown"...

    So, how did you resolve the situation?

    Thanks,
    Aharon 
    Wednesday, October 21, 2009 2:06 PM
  • Hi Gene:

    How is the situation on your side?
    Is this thread solved or NOT?

    Please tell me!

    Have a nice day...

    Best regards,
    Fisnik
    Coder24.com
    Friday, November 13, 2009 7:50 PM
  • Hi Gene:

    How is the situation on your side?
    Is this thread solved or NOT?

    Please tell me!

    Have a nice day...

    Best regards,
    Fisnik
    Coder24.com
    Thursday, November 26, 2009 12:37 PM
  • Hi Gene:

    How is the situation on your side?
    Is this thread solved?

    Please tell me!

    Have a nice day...

    Best regards,
    Fisnik
    Coder24.com
    Sunday, December 27, 2009 9:40 AM
  • Hi again:

    How is the situation on your side?
    Is this thread solved?

    Please tell me!

    Have a nice day...

    Best regards,
    Fisnik

    Coder24.com
    Saturday, January 02, 2010 3:02 PM