From: Pete Delgado on 4 Jan 2010 13:20

"Ashish" <akohli_2004(a)hotmail.com> wrote in message news:eiAOmbjgKHA.1824(a)TK2MSFTNGP04.phx.gbl...
> The code below is not working on a Windows 7 client machine. TOKEN_ELEVATION_TYPE
> is not recognized.
> My problem is that when I use CreateFile to open a disk/drive, it fails
> while the logged-in user is a member of Administrator.

Are you opening a raw device or simply attempting to open a file at the root level of a drive? Has the process or thread been elevated in some manner?

-Pete

From: Pete Delgado on 12 Jan 2010 11:04

"Pete Delgado" <Peter.Delgado(a)NoSpam.com> wrote in message news:O$oUygWjKHA.2164(a)TK2MSFTNGP02.phx.gbl...
>> It would be a very flawed security and access control system if it
>> allowed a process to elevate itself to admin above the user's
>> privilege.
>
> ..and yet impersonation does just that. It allows a thread within a
> process started under an account with the SeImpersonatePrivilege right to
> assume the security context of any other principal provided that the
> process was launched with an unfiltered token or that COM elevation has
> been used.

Just wanted to clarify that the impersonation mechanism does not enable a process to bypass the security mechanisms of the operating system. There are specific conditions that must be met in order to allow a thread to impersonate the security context of another principal. These prerequisites are described in the platform SDK.

I noticed that my language in my previous post implies that an arbitrary process may impersonate the security context of any other thread with no preconditions, and that is not true.

-Pete