none
CreateProcessAsUser failed

    Question

  • For some reason i need to spawn a seperate process executed in another users context. The Assembly will be used within normal applications and asp.net webapplications also.
    I already got the WindowsIdentity of the new user and so i can impersonate this user for the running process.
    Next i tried to use the CreateProcessAsUser-Method described in KB article 889251 (http://support.microsoft.com/default.aspx?scid=kb;EN-US;889251), but this failed with error 1314 (A required privilege is not held by the client.)
    This happens on WinXP and 2k3 Server, the "Replace a process level token" user right is applied to the impersonated user.
    If i run my test program as the user i want to impersonate, it runs fine.

    What did i miss, any idea?
    thanks in advance
    alberich

    Friday, August 11, 2006 6:43 AM

Answers

  • "To resolve this problem, you'll need to elevate the rights of the account calling CreateProcessAsUser with the "Replace a process level token" right. To do so, open the Control Panel / Administrative Tools / Local Security Policy and add the user account to the "Replace a process level token" right. (You may have to logout or even reboot to have this change take effect.)"

    http://www.tomasello.com/software/wincron/trflpccpas.html

    Anyway, it's strange that the KB article says the same thing about the impersonated user, not about the user doing the impersonation.

    Friday, August 11, 2006 7:40 AM

All replies

  • "To resolve this problem, you'll need to elevate the rights of the account calling CreateProcessAsUser with the "Replace a process level token" right. To do so, open the Control Panel / Administrative Tools / Local Security Policy and add the user account to the "Replace a process level token" right. (You may have to logout or even reboot to have this change take effect.)"

    http://www.tomasello.com/software/wincron/trflpccpas.html

    Anyway, it's strange that the KB article says the same thing about the impersonated user, not about the user doing the impersonation.

    Friday, August 11, 2006 7:40 AM
  • I tried this, but i missed to reboot... Sh**

    Thanks for your quick help.
    alberich
    Friday, August 11, 2006 9:12 AM