locked
About LogonUser/ImpersonateLoggedOnUser in Vista OS RRS feed

  • Question

  • (1) Computer account: A is member of Administrator group, but it still has not privilege to write a file into installation path(c:\program file\...). The files can be wrote to a virtual store path in Vista OS.

     

    (2) If the application's privilege is elevated to administrator. Then this application can write a file into installation path.

     

    (3) There is a new thread(has been elevated to administrator) to Write files into installation path.

    But there are some code before the method fopen, as following:

     

    LogonUser( A, ComputerName/Domain, A's Password, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT,  &hUserToken) ) ;

    ImpersonateLoggedOnUser(hUserToken ) ;

     

    To Reset this thread's privilege to be equal to Computer account A. Because A's privilege can not write file into installastion path,the method fopen(szFilename, "r+b") will fail.

     

      If use Administrator instead of A, fopen will be successful.

     

      I think the above code is very useful for the computer accounts(member of users) in WinXP/Win2003. But in Vista, it can reduce the privilege that we want.

     

       How can I resolve it, and make no difference for WinXP/Win2003?

       I don't want to use the method: Check OS firstly, if it is Vista/Win2008, then jump the code about logonuser/impersonateloggedonuser.

     

    Monday, November 3, 2008 7:15 AM

Answers

  • Using CheckTokenMemberShip API to find whether current thread's access token has administrative privileges? If it has, then jump the code logonuser ?

    • Marked as answer by ScottQ Wednesday, December 24, 2008 2:53 AM
    Monday, November 3, 2008 10:45 AM