WTSQueryUserToken() gives ERROR_PRIVILEGE_NOT_HELD

  • Question

  • hi all,

    I want to run an .exe from a service program in Vista, which has to run in the user session instead of the service session, session 0.

    I tried the following code, but it fails at the 'WTSQueryUserToken' function, giving error number 1314: A required privilege is not held by the client.

    In MSDN I see that what I'm getting is the error ERROR_PRIVILEGE_NOT_HELD, which means: The caller does not have the SE_TCB_NAME privilege. How can I set this privilege?

     

    Here is my source:

     

    HANDLE hTokenNew = NULL, hTokenDup = NULL;
    HMODULE  hmod = LoadLibrary("kernel32.dll");

    PVOID proc = GetProcAddress(hmod, "WTSGetActiveConsoleSessionId"); 
    DWORD dwSessionId = WTSGetActiveConsoleSessionId();   

                

    if(!WTSQueryUserToken(dwSessionId, &hTokenNew)){
        ErrorExit("WTSQueryUserToken");
    }
      
    DuplicateTokenEx(hTokenNew,MAXIMUM_ALLOWED,NULL,SecurityIdentification,TokenPrimary,&hTokenDup);
    WriteToFile("Calling lpfnCreateEnvironmentBlock");


    ZeroMemory( &si, sizeof( STARTUPINFO ) );
    si.cb = sizeof( STARTUPINFO );
    si.lpDesktop = "winsta0\\default";

     

    LPVOID  pEnv = NULL;
    DWORD dwCreationFlag = NORMAL_PRIORITY_CLASS | CREATE_NEW_CONSOLE;
    HMODULE hModule = LoadLibrary("Userenv.dll");
    if(hModule )
    {

    PVOID _imp_CreateEnvironmentBlock = GetProcAddress( hModule, "CreateEnvironmentBlock" );
      if( _imp_CreateEnvironmentBlock != NULL )
      {
      
       if(CreateEnvironmentBlock(&pEnv, hTokenDup, FALSE))
       {
        WriteToFile("CreateEnvironmentBlock Ok");
        dwCreationFlag |= CREATE_UNICODE_ENVIRONMENT;   
       }
       else
       {
        pEnv = NULL;
       }
      }
     }
     
     ZeroMemory( &pi,sizeof(pi));
     
     if ( !CreateProcessAsUser(
      hTokenDup,
      NULL,
      "E:\\example.exe", 
      NULL,
      NULL,
      FALSE,
      dwCreationFlag,
      pEnv,
      NULL,
      &si,
      &pi
      ) )
     {
      ErrorExit("CreateProcessAsUser");
      return FALSE;
      //goto RESTORE;
     }

     

    Please reply,

    thanks in advance

    Thursday, January 17, 2008 1:08 PM

All replies

  • BOOL __fastcall EnablePrivilege(LPCTSTR lpszPrivilegeName,BOOL bEnable)
    {
        HANDLE hToken;
        TOKEN_PRIVILEGES tp;
        LUID luid;
        DWORD dwError;

        if(!OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES |
            TOKEN_QUERY | TOKEN_READ,&hToken))
            return FALSE;

        if(!LookupPrivilegeValue(NULL, lpszPrivilegeName, &luid))
        {
            // Unknown privilege name: release the token handle and report failure.
            CloseHandle(hToken);
            return FALSE;
        }

        tp.PrivilegeCount = 1;
        tp.Privileges[0].Luid = luid;
        tp.Privileges[0].Attributes = (bEnable) ? SE_PRIVILEGE_ENABLED : 0;

        AdjustTokenPrivileges(hToken,FALSE,&tp,0,NULL,NULL);
        // Read the last error before CloseHandle can overwrite it; it is
        // ERROR_NOT_ALL_ASSIGNED when the token does not hold the privilege.
        dwError = GetLastError();
        CloseHandle(hToken);

        return (dwError == ERROR_SUCCESS);
    }

     

     

    Call this function with parameter:

    ...
    EnablePrivilege(SE_TCB_NAME,true);
    ...
    WTSQueryUserToken....

    Monday, May 12, 2008 8:46 AM
  • That only enables the privilege if the caller has it. A user should never have that one...

    That code should never work in a production environment. It's possible it could be made to work for testing purposes though.

     

    Friday, May 23, 2008 8:28 PM
  • Services should have SE_TCB_NAME privilege. If it is not enabled by default, you will have to enable it. Of course, user processes won't have SE_TCB_NAME privilege.
    Tuesday, July 1, 2008 8:34 AM
  • Most LocalSYSTEM services may have it, but services running under other identities typically don't.

    Friday, July 4, 2008 12:54 AM
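
Added example, not part of the thread and not code from any poster: the replies turn on whether the calling token holds SeTcbPrivilege at all or merely has it disabled, and this C code reports which case applies before WTSQueryUserToken is called. The names `privilege_state`, `current_privilege_state` and `priv_state` are hypothetical, and the non-Windows typedefs are stand-ins so the list-scanning logic can be compiled elsewhere.

```c
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#else  /* stand-ins mirroring winnt.h so the scan logic builds off Windows */
typedef unsigned long DWORD;
typedef struct { DWORD LowPart; long HighPart; } LUID;
typedef struct { LUID Luid; DWORD Attributes; } LUID_AND_ATTRIBUTES;
#define SE_PRIVILEGE_ENABLED 0x00000002L
#endif

typedef enum { PRIV_ABSENT, PRIV_DISABLED, PRIV_ENABLED } priv_state;

/* Scan a token's privilege list (TOKEN_PRIVILEGES.Privileges). */
priv_state privilege_state(const LUID_AND_ATTRIBUTES *privs, DWORD count, LUID want)
{
    DWORD i;
    for (i = 0; i < count; i++) {
        if (privs[i].Luid.LowPart == want.LowPart && privs[i].Luid.HighPart == want.HighPart)
            return (privs[i].Attributes & SE_PRIVILEGE_ENABLED) ? PRIV_ENABLED : PRIV_DISABLED;
    }
    return PRIV_ABSENT; /* not listed: AdjustTokenPrivileges cannot add it */
}

#ifdef _WIN32
/* State of a named privilege (e.g. SE_TCB_NAME) in the current process token.
   API failures are also reported as PRIV_ABSENT. */
priv_state current_privilege_state(LPCTSTR name)
{
    HANDLE tok; LUID luid; DWORD len = 0; TOKEN_PRIVILEGES *tp;
    priv_state st = PRIV_ABSENT;
    if (!LookupPrivilegeValue(NULL, name, &luid)) return PRIV_ABSENT;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &tok)) return PRIV_ABSENT;
    GetTokenInformation(tok, TokenPrivileges, NULL, 0, &len); /* size query */
    tp = (TOKEN_PRIVILEGES *)HeapAlloc(GetProcessHeap(), 0, len);
    if (tp && GetTokenInformation(tok, TokenPrivileges, tp, len, &len))
        st = privilege_state(tp->Privileges, tp->PrivilegeCount, luid);
    if (tp) HeapFree(GetProcessHeap(), 0, tp);
    CloseHandle(tok);
    return st;
}
#endif
int main(void)
{
#ifdef _WIN32
    static const char *label[] = { "absent", "present but disabled", "enabled" };
    printf("SeTcbPrivilege: %s\n", label[current_privilege_state(SE_TCB_NAME)]);
#endif
    return 0;
}
```

Only the "present but disabled" result can be changed by an EnablePrivilege-style call; "absent" means the service account itself has to change.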