locked
Issues with SetTokenInformation API - GetLastError returns an Error 0x00000057 if TokenLogonSid is used. RRS feed

  • Question

  • Hello,

    Could anyone please tell me how to change the Logon SID of the token(which is obtained via LogonUser)?

    I used SetTokenInformation API, but it returns an error "The parameter is incorrect(0x00000057)".

    What will be the issue? Are there any other way to change it.

    I have read that the "CreateProcessWithLogonW" API uses the Logon SID of the  caller  token so that the new process gets the same Logon SID.

    similary I need to assign the Logon SID of the caller token to the new token. Is there any other way to do this?

    Is the "TokenLogonSid" not supported in "SetTokenInformation" API?

    I am using visual c++ 2008 compiler.

    Thanks and Regards,

    Abhi

    Saturday, September 27, 2014 7:13 PM

All replies

  • Hi Abhi,

    The only way to do this is to generate a new token by calling LsaLogonUser() and adding the appropriate Group(s)(Logon SID) via the LocalGroups parameter.  You can't add a group (Logon SID) to an existing token.

    thanks

    Frank K [MSFT]

    Tuesday, October 7, 2014 10:14 PM