LogonUser with LOGON32_LOGON_BATCH parameter results in a elevated token RRS feed

  • Question


    Hi All,


    I was wondering if anyone came across this and knows the answer.  I have a problem with LogonUser, even if my application is running in limitted session, LogonUser produces an Elevated token of type "ElevationTypeDefault" and there's no linked token attached to it.  I need to call LogonUser function with LOGON32_LOGON_BATCH parameter b/c later I will attempt to launch a batch script, but first I need to figure out how to get limitted token from LogonUser or at least strip it. I tried everything, getting linked token which doesn't seem to exist, I tried creating restrickted token, I tried manually removing privileges, but the token is still registering as elevated.  Using LOGON32_LOGON_INTERACTIVE is not an option.


    Any ideas would be appreciated. Thank you.



    Thursday, September 27, 2007 10:29 PM

All replies

  • UAC is only applied to INTERACTIVE tokens which is why you receive a Full token for Batch.

    This is by design.


    Frank K [MSFT]

    Follow us on Twitter, www.twitter.com/WindowsSDK

    Wednesday, January 7, 2015 5:30 AM