From: Sonic.. on
Thanks Uwe,

Your trick worked, I was successfully able to impersonate on all
operating systems.

In Vista, it was the token of the non-elevated process I was
receiving, and I did find the APIs WTSGetActiveConsoleSessionId and
WTSQueryUserToken useful.

Thank you

On Sep 8, 3:34 pm, Uwe Sieber <m...(a)uwe-sieber.de> wrote:
> Uwe Sieber wrote:
> > Sonic.. wrote:
> >> Hello,
>
> >> I am trying to access a network file and edit that file using
> >> impersonation from a local service.
> >> I use the pid of explorer.exe and obtain its handle to pass to
> >> OpenProcessToken.
> >> Then I use the token obtained, to pass to ImpersonateLoggedOnUser().
>
> >> Once impersonated I use CreateFile to open an existing network file.
> >> The call fails with error Logon Failure: unknown username or
> >> password.
>
> >> This is happening only in Vista. In 2000, XP and 2003 the code is
> >> working fine.
>
> >> Below is the code that I've used. Please tell me why the above is
> >> happening in Vista.
>
> > Stealing the Explorer's token is required under W2K only.
> > Since XP the terminal API has some new functions:
>
> > DWORD id = WTSGetActiveConsoleSessionId();
> > WTSQueryUserToken(id, &hToken);
>
> > Remember that the functions are not available under W2K,
> > so load them at runtime.
>
> And under Vista you might deal with UAC, so there are two
> tokens, maybe only the elevated one has access to your
> network resource. WTSQueryUserToken returns the non-elevated one.
> Get the elevated one by GetTokenInformation called with
> TokenLinkedToken.
>
> Uwe
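
The sequence discussed in this thread, as an added example that is not code from either poster: resolve the two WTS functions at runtime, query the console user's token, switch to the UAC linked token when the first one is the filtered one, then impersonate. The function name impersonate_console_user and the error codes it returns are choices made for this example; it assumes the caller is a service running as LocalSystem.

```c
/* Added example, not code from the thread; impersonate_console_user is a made-up name. */
#ifdef _WIN32
#ifndef _WIN32_WINNT
#define _WIN32_WINNT 0x0600   /* exposes TokenLinkedToken / TokenElevationType */
#endif
#include <windows.h>

typedef DWORD (WINAPI *PFN_ConsoleId)(void);
typedef BOOL  (WINAPI *PFN_QueryToken)(ULONG, PHANDLE);

/* Returns 0 on success, else a Win32 error code. On success the calling thread
   impersonates the console user; call RevertToSelf() as soon as the file work is done. */
unsigned long impersonate_console_user(void)
{
    /* Resolve at runtime: neither export exists on Windows 2000. */
    HMODULE k32 = GetModuleHandleA("kernel32.dll");
    HMODULE wts = LoadLibraryA("wtsapi32.dll");   /* stays loaded for the process lifetime */
    PFN_ConsoleId getId = k32
        ? (PFN_ConsoleId)GetProcAddress(k32, "WTSGetActiveConsoleSessionId") : NULL;
    PFN_QueryToken query = wts
        ? (PFN_QueryToken)GetProcAddress(wts, "WTSQueryUserToken") : NULL;
    if (!getId || !query) return ERROR_PROC_NOT_FOUND;   /* W2K: use the older approach */

    DWORD session = getId();
    if (session == 0xFFFFFFFF) return ERROR_NO_SUCH_LOGON_SESSION;  /* nobody at the console */

    HANDLE user = NULL;
    if (!query(session, &user)) return GetLastError();   /* requires LocalSystem */

    /* With UAC the returned token is the filtered one. Its linked token is the
       elevated twin; it is only usable for impersonation when the caller holds
       SeTcbPrivilege. Before Vista the first query fails and 'user' is kept. */
    TOKEN_ELEVATION_TYPE type;
    TOKEN_LINKED_TOKEN linked = { NULL };
    DWORD len = 0;
    HANDLE use = user;
    if (GetTokenInformation(user, TokenElevationType, &type, sizeof type, &len) &&
        type == TokenElevationTypeLimited &&
        GetTokenInformation(user, TokenLinkedToken, &linked, sizeof linked, &len))
        use = linked.LinkedToken;

    DWORD err = ImpersonateLoggedOnUser(use) ? 0 : GetLastError();
    if (linked.LinkedToken) CloseHandle(linked.LinkedToken);  /* thread keeps its own reference */
    CloseHandle(user);
    return err;
}
#else
/* Non-Windows build: the APIs do not exist; 120 is ERROR_CALL_NOT_IMPLEMENTED. */
unsigned long impersonate_console_user(void) { return 120UL; }
#endif
```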