Tell if the process is running in a Guest account
in [Win32 API]
|
From: Jackie on 20 Jun 2010 09:41 Jackie wrote: >> Cool, thanks. I'll work on it a bit more tomorrow (it's too late now) and >> will post what I find. >> >> In the meantime, I'm curious, why are you calling DuplicateToken() on a >> token? > > The very short answer: If you don't, you will get some sort of "no > impersonation token" error when calling CheckTokenMembership. Just so you don't get me the wrong way, it was not meant in a bad way. :) I also missed a cast on line 43 but it compiles anyway without the casts. I can recall using AllocateAndInitializeSid before to check if a user is an admin, at least.. Maybe you can use that one as well instead of CreateWellKnownSid if you somehow feel like it. -- Regards, Jackie
From: nki00 on 20 Jun 2010 19:48 >> The very short answer: If you don't, you will get some sort of "no >> impersonation token" error when calling CheckTokenMembership. > > Just so you don't get me the wrong way, it was not meant in a bad way. :) > :) How can I complain, you help me.... > I also missed a cast on line 43 but it compiles anyway without the casts. > I can recall using AllocateAndInitializeSid before to check if a user is > an admin, at least.. Maybe you can use that one as well instead of > CreateWellKnownSid if you somehow feel like it. > > -- > Regards, > Jackie Works as a charm on XP, Vista, 7 but CreateWellKnownSid is not present on Win2K and I can't figure out an alternative -- could it be AllocateAndInitializeSid? But it has a totally different parameters. Also, Jackie, is there like a good book or an online resource on the Windows NT security APIs? I just can't read the Microsoft documentation. Thanks again!
From: Jackie on 21 Jun 2010 07:15 nki00 wrote: >>> The very short answer: If you don't, you will get some sort of "no >>> impersonation token" error when calling CheckTokenMembership. >> >> Just so you don't get me the wrong way, it was not meant in a bad way. :) >> > > :) How can I complain, you help me.... > > >> I also missed a cast on line 43 but it compiles anyway without the casts. >> I can recall using AllocateAndInitializeSid before to check if a user is >> an admin, at least.. Maybe you can use that one as well instead of >> CreateWellKnownSid if you somehow feel like it. >> >> -- >> Regards, >> Jackie > > > Works as a charm on XP, Vista, 7 but CreateWellKnownSid is not present on > Win2K and I can't figure out an alternative -- could it be > AllocateAndInitializeSid? But it has a totally different parameters. > > Also, Jackie, is there like a good book or an online resource on the Windows > NT security APIs? I just can't read the Microsoft documentation. > > Thanks again! > > You can use AllocateAndInitializeSid in that case, yes. It's not always easy to understand everything on MSDN in my opinion, and sometimes you may think "Okay you can't use this... What's the alternative? (Nothing?)" or "Which parameters should I use?". This happens in my case at least. Not always clear on MSDN. :( But here's a new one using AllocateAndInitializeSid instead: http://pastebin.com/cD56bZdC Hopefully I got the right parameters to use. You can have a look here: http://msdn.microsoft.com/en-us/library/aa379649 This may be helpful as well: http://msdn.microsoft.com/en-us/library/Aa379602 "SDDL_BUILTIN_GUESTS Built-in guests. The corresponding RID is DOMAIN_ALIAS_RID_GUESTS" So I must have gotten that one right at least. :) -- Regards, Jackie
From: nki00 on 23 Jun 2010 22:46 > But here's a new one using AllocateAndInitializeSid instead: > http://pastebin.com/cD56bZdC > Hey, thanks again. Sorry for my delayed response. I've been busy with some other stuff. There's a bug though. The code works on XP and on Vista as well, but if I right-click this process and select run as Administrator it will not report it as a guest account.
From: Jackie on 24 Jun 2010 05:50
nki00 wrote: >> But here's a new one using AllocateAndInitializeSid instead: >> http://pastebin.com/cD56bZdC >> > > Hey, thanks again. Sorry for my delayed response. I've been busy with some > other stuff. That's okay. Thanks for letting me know. :) > There's a bug though. The code works on XP and on Vista as well, but if I > right-click this process and select run as Administrator it will not report > it as a guest account. Does it work fine when using CreateWellKnownSid in this case? Which SID does it return instead? You can use ConvertSidToStringSid and then check the numbers like explained at the bottom here: http://msdn.microsoft.com/en-us/library/aa379597%28VS.85%29.aspx And are you trying to run this as an administrator from the guest account? -- Regards, Jackie |