From: nki00 on
I've been told earlier that to determine if the current process is running
in a Guest account I need to call
OpenProcessToken
GetTokenInformation

But what parameters should I actually call it with?


From: Jackie on
nki00 wrote:
> I've been told earlier that to determine if the current process is running
> in a Guest account I need to call
> OpenProcessToken
> GetTokenInformation
>
> But what parameters should I actually call it with?
>
>

I think this should be possible with the CreateWellKnownSid API and then
CheckTokenMembership or GetTokenInformation. CheckTokenMembership would
be easier to use. I'm working on an example now for some reason.

--
Regards,
Jackie

From: Jackie on
Jackie wrote:
> nki00 wrote:
>> I've been told earlier that to determine if the current process is
>> running
>> in a Guest account I need to call
>> OpenProcessToken
>> GetTokenInformation
>>
>> But what parameters should I actually call it with?
>>
>>
>
> I think this should be possible with the CreateWellKnownSid API and then
> CheckTokenMembership or GetTokenInformation. CheckTokenMembership would
> be easier to use. I'm working on an example now for some reason.
>

Okay, here it is:
http://pastebin.com/gmtLbZN5

Now, I am not sure exactly why CheckTokenMembership fails and
GetLastError returns INVALID_HANDLE_VALUE when you try this as a limited
user. Works fine as an elevated user. Maybe I'm not asking for the
access needed or we need more privileges. Either way, it should give you
a clue on how to begin. :)

--
Regards,
Jackie

From: nki00 on
> Okay, here it is:
> http://pastebin.com/gmtLbZN5
>
> Now, I am not sure exactly why CheckTokenMembership fails and GetLastError
> returns INVALID_HANDLE_VALUE when you try this as a limited user. Works
> fine as an elevated user. Maybe I'm not asking for the access needed or we
> need more privileges. Either way, it should give you a clue on how to
> begin. :)
>
> --
> Regards,
> Jackie



Cool, thanks. I'll work on it a bit more tomorrow (it's too late now) and
will post what I find.

In the meantime, I'm curious, why are you calling DuplicateToken() on a
token?


From: Jackie on
nki00 wrote:
>> Okay, here it is:
>> http://pastebin.com/gmtLbZN5
>>
>> Now, I am not sure exactly why CheckTokenMembership fails and GetLastError
>> returns INVALID_HANDLE_VALUE when you try this as a limited user. Works
>> fine as an elevated user. Maybe I'm not asking for the access needed or we
>> need more privileges. Either way, it should give you a clue on how to
>> begin. :)
>>
>> --
>> Regards,
>> Jackie
>
>
>
> Cool, thanks. I'll work on it a bit more tomorrow (it's too late now) and
> will post what I find.
>
> In the meantime, I'm curious, why are you calling DuplicateToken() on a
> token?
>
>

The very short answer: If you don't, you will get some sort of "no
impersonation token" error when calling CheckTokenMembership.

--
Regards,
Jackie
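
The sequence discussed in this thread (CreateWellKnownSid, OpenProcessToken, DuplicateToken, CheckTokenMembership), written out as an added example; it is not the pastebin code and not part of any poster's message. It assumes "running in a Guest account" means the process token carries the local Guests group (`WinBuiltinGuestsSid`), and the function name `current_process_is_guest` is hypothetical.

```c
/* Added example: Guests-group membership check for the current process. */
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>

/* Returns 1 if BUILTIN\Guests is enabled in the process token, 0 if it is
 * not, and -1 if one of the API calls failed. */
int current_process_is_guest(void)
{
    BYTE sid[SECURITY_MAX_SID_SIZE];
    DWORD cbSid = sizeof(sid);
    HANDLE hPrimary = NULL, hImpersonation = NULL;
    BOOL isMember = FALSE;
    int result = -1;

    /* S-1-5-32-546 (local Guests group); it needs no domain SID. */
    if (!CreateWellKnownSid(WinBuiltinGuestsSid, NULL, sid, &cbSid))
        return -1;
    /* TOKEN_DUPLICATE is the only access DuplicateToken needs on the source. */
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_DUPLICATE, &hPrimary))
        return -1;
    /* A process token is a primary token; CheckTokenMembership accepts only
     * an impersonation token, so make an identification-level copy. */
    if (DuplicateToken(hPrimary, SecurityIdentification, &hImpersonation)) {
        if (CheckTokenMembership(hImpersonation, sid, &isMember))
            result = isMember ? 1 : 0;
        CloseHandle(hImpersonation);
    }
    CloseHandle(hPrimary);
    return result;
}
#else
/* Not a Windows build: there is no access token to inspect. */
int current_process_is_guest(void) { return -1; }
#endif

int main(void)
{
    int r = current_process_is_guest();
    if (r < 0)
        puts("check failed or not a Windows build");
    else
        printf("member of BUILTIN\\Guests: %s\n", r ? "yes" : "no");
    return r < 0;
}
```

CheckTokenMembership reports a SID as present only when it is enabled in the token, so a deny-only Guests entry yields 0. Passing NULL as the token handle makes the API duplicate the calling thread's primary token itself when the thread is not impersonating.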