LogonUser with LOGON32_LOGON_BATCH parameter results in an elevated token

  • Question

    Hi All,

     

    I was wondering if anyone came across this and knows the answer. I have a problem with LogonUser: even if my application is running in a limited session, LogonUser produces an Elevated token of type "ElevationTypeDefault" and there's no linked token attached to it. I need to call the LogonUser function with the LOGON32_LOGON_BATCH parameter b/c later I will attempt to launch a batch script, but first I need to figure out how to get a limited token from LogonUser or at least strip it. I tried everything: getting the linked token, which doesn't seem to exist, I tried creating a restricted token, I tried manually removing privileges, but the token is still registering as elevated. Using LOGON32_LOGON_INTERACTIVE is not an option.

     

    Any ideas would be appreciated. Thank you.

     

     

    Thursday, September 27, 2007 10:29 PM

All replies

  • UAC is only applied to INTERACTIVE tokens, which is why you receive a Full token for Batch.

    This is by design.

    thanks

    Frank K [MSFT]

    Wednesday, January 7, 2015 5:30 AM
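
To see the state described in this thread on a given token, the three UAC-related fields can be read with GetTokenInformation and classified. This is an added example, not code from either poster; `describe_token` and `inspect_token` are hypothetical names, and `inspect_token` assumes it is handed a token opened with TOKEN_QUERY, such as the handle returned by LogonUser.

```c
/* Added example. Build on Windows with: cl tokchk.c advapi32.lib */
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* elevation_type uses the TOKEN_ELEVATION_TYPE values from winnt.h:
   1 = Default, 2 = Full, 3 = Limited. */
const char *describe_token(int elevation_type, int is_elevated, int has_linked)
{
    if (elevation_type == 2) return "split token, full half";
    if (elevation_type == 3) return "split token, filtered half";
    if (elevation_type == 1 && !has_linked)
        return is_elevated ? "not split by UAC, elevated"
                           : "not split by UAC, not elevated";
    return "unexpected combination";
}

#ifdef _WIN32
/* Query the three UAC-related token fields and classify them. */
const char *inspect_token(HANDLE tok)
{
    TOKEN_ELEVATION_TYPE type = TokenElevationTypeDefault;
    TOKEN_ELEVATION elev = {0};
    TOKEN_LINKED_TOKEN linked = {0};
    DWORD len = 0;
    BOOL has_linked;

    if (!GetTokenInformation(tok, TokenElevationType, &type, sizeof type, &len) ||
        !GetTokenInformation(tok, TokenElevation, &elev, sizeof elev, &len))
        return "query failed";
    /* This query fails when the logon session has no second token. */
    has_linked = GetTokenInformation(tok, TokenLinkedToken, &linked, sizeof linked, &len);
    if (has_linked) CloseHandle(linked.LinkedToken);
    return describe_token((int)type, elev.TokenIsElevated != 0, has_linked);
}
#endif

int main(void)
{
    /* Constructed sample: the values the question reports for its batch token. */
    printf("reported batch token: %s\n", describe_token(1, 1, 0));
#ifdef _WIN32
    HANDLE tok;
    if (OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &tok)) {
        printf("this process: %s\n", inspect_token(tok));
        CloseHandle(tok);
    }
#endif
    return 0;
}
```

Calling `inspect_token` on a batch-logon handle and on an interactive-logon handle for the same administrator account shows the difference the reply describes.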