windows service impersonating logged on interactive user

  • Question

  • Dear All,

    I have a windows service that runs under the system account and I have a GUI application that communicates with the service via IPC; this GUI application runs under the logged on interactive user account. I have a requirement to do some file operations and for permission reasons I need to do this under the user's account, not under system account. Of course one possible way to do it is to perform the file operations from the GUI project but because of design issues it would be much simpler if the windows service could implement this.

    My question is what is the easiest approach? I guess the last bit would be to call ImpersonateLoggedOnUser() somehow but I cannot figure out how I could create a token without knowing the user's username and password.

    Thank you for your help!

    Regards,
    Jozsef
    Monday, July 12, 2010 9:24 AM

Answers

  • >My question is what is the easiest approach? I guess the last bit would be to call ImpersonateLoggedOnUser() somehow but I cannot figure out how I could create a token without knowing the user's username and password.

    The documentation for ImpersonateLoggedOnUser says:

    "A handle to a primary or impersonation access token that represents a
    logged-on user. This can be a token handle returned by a call to
    LogonUser, CreateRestrictedToken, DuplicateToken, DuplicateTokenEx,
    OpenProcessToken, or OpenThreadToken functions"

    So, are the latter 2 APIs possible options for you?

    Dave

    • Proposed as answer by David Boyce UK Monday, July 12, 2010 3:18 PM
    • Marked as answer by Jesse Jiang Wednesday, July 14, 2010 1:53 AM
    Monday, July 12, 2010 10:07 AM
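
An added example (not from the thread or from MSDN) of the OpenProcessToken route suggested above, written in C# with P/Invoke: the service opens the GUI process's token and runs the file operation under it. The names `ClientImpersonation`, `RunAsClient` and `clientPid`, and the command-line arguments in `Main`, are assumptions made for illustration.

```csharp
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.Principal;
using Microsoft.Win32.SafeHandles;

static class ClientImpersonation
{
    const uint TOKEN_DUPLICATE = 0x0002, TOKEN_QUERY = 0x0008;

    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool OpenProcessToken(IntPtr process, uint access, out IntPtr token);

    // clientPid (assumption): take it from the IPC channel itself, e.g.
    // GetNamedPipeClientProcessId for a named pipe, never from a value the
    // client writes into a message, or any caller could name another process.
    public static void RunAsClient(int clientPid, Action work)
    {
        using (Process client = Process.GetProcessById(clientPid))
        {
            // Request only the rights needed to impersonate a primary token.
            if (!OpenProcessToken(client.Handle, TOKEN_QUERY | TOKEN_DUPLICATE, out IntPtr raw))
                throw new Win32Exception(Marshal.GetLastWin32Error());

            using (var token = new SafeAccessTokenHandle(raw)) // closes the handle
            {
                // Impersonates on this thread only and reverts to the service
                // account when work returns or throws.
                WindowsIdentity.RunImpersonated(token, work);
            }
        }
    }

    static void Main(string[] args)
    {
        int pid = int.Parse(args[0]);   // demo input: PID of the GUI process
        string path = args[1];          // demo input: a file the user may write
        RunAsClient(pid, () =>
        {
            Console.WriteLine("Running as " + WindowsIdentity.GetCurrent().Name);
            File.AppendAllText(path, "written under the user's token\r\n");
        });
        Console.WriteLine("Back to " + WindowsIdentity.GetCurrent().Name);
    }
}
```

Keep the delegate limited to the file operation itself so that nothing else in the service runs under the user's identity, and nothing in the user's context runs with the service's.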

All replies

  • Hi David,

    Yes, I should have read MSDN more carefully :-/ Thank you for your answer, it was really helpful.

    Best regards,
    Jozsef

    Monday, July 12, 2010 11:36 AM