Prev: VS2008 On Host Will Not Load Symbols For msvsmon'ed EXE On VM
Next: How to get system time in microseconds in miniport driver
From: Jeff McKay on 1 Dec 2009 18:19
Digging a little deeper in to the situation, I found that
AdjustTokenPrivileges() is actually returning with
ERROR_NOT_ALL_ASSIGNED. So I did two separate calls to
AdjustTokenPrivileges(). The first call
to enable SE_INCREASE_QUOTA_NAME works. The second, to enable
SE_ASSIGNPRIMARYTOKEN_NAME
returns ERROR_NOT_ALL_ASSIGNED. So why can I not set that privilege?

"Jeff McKay" <jeff.mckay(a)comaxis.com> wrote in message
news:vuSdnSc78bwY84nWnZ2dnUVZ_sSdnZ2d(a)supernews.com...

> Would it be true that CreateProcessWithLogonW() is exactly the same as
> doing LogonUser(), ImpersonateLoggedOnUser(), CreateProcessAsUser()?

Not exactly, no. CreateProcessWithLogonW() does not have the calling thread
impersonate the user account.

> I have not been able to test this, since CreateProcessAsUser() fails with
> error 1314.

That means your calling thread does not hold a privilege that
CreateProcessAsUser() itself requires, typically either
SE_INCREASE_QUOTA_NAME or SE_ASSIGNPRIMARYTOKEN_NAME. Look at
AdjustTokenPrivileges().

--
Remy Lebeau (TeamB)

From: Remy Lebeau on 2 Dec 2009 17:11

"Jeff McKay" <jeff.mckay(a)comaxis.com> wrote in message news:DNOdnZWg_bAPOYjWnZ2dnUVZ_sKdnZ2d(a)supernews.com...

> The second, to enable SE_ASSIGNPRIMARYTOKEN_NAME returns
> ERROR_NOT_ALL_ASSIGNED. So why can I not set that privilege?

Perhaps your app is not running in a user/security context that allows that privilege to be enabled?

If the token you pass to CreateProcessAsUser() is a restricted token, then the SE_ASSIGNPRIMARYTOKEN_NAME privilege is not necessary.

--
Remy Lebeau (TeamB)
 | 
Pages: 1
Prev: VS2008 On Host Will Not Load Symbols For msvsmon'ed EXE On VM
Next: How to get system time in microseconds in miniport driver